Sujet Précédent Sujet Suivant

Besoin d'un nettoyage virus ou autre

stepheve -  
 stepheve -
Bonjour,
j'ai besoin de vous pour vérifier un peu mon ordi,depuis hier il me fait de drole de truc,comme par exemple me reconnecter à chaque fois sur les forums ou je vais alors qu'avant c'etait automatique et tout à l'heure mon ecran est devenu tout noir et la il saute de temp en temp,j'ai ete obligé de faire un redemarrage,voila un rapport d'hijackthis sous vista,merci à vous

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:01, on 25/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\VM_STI.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\SysMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ulead Systems\Autodetector\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\STK014_V2.01\STK014M.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Mirar - {7C523BE7-3EB3-4FD5-87D1-FC95E65AA763} - C:\Windows\system32\winja75.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Mirar - {7C523BE6-3EB3-4FD5-87D1-FC95E65AA763} - C:\Windows\system32\winja75.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Users\STPHAN~1\AppData\Local\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe -startup -product IncrediMail
O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: STK014 PNP Monitor.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll (file missing)
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Groom - {66F83792-DAE1-4823-8F20-ADA94B33A4FF} - C:\Users\stéphanie\Toox\Groom\Groom.exe (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
A voir également:

47 réponses

Réponse 1 / 47
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
Bonjour,

Il y a plusieurs infections sur ton ordinateur

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

Fais un clic-droit sur le raccourci de Toolbar-S&D sur le Bureau et choisis " Exécuter en tant qu' Administrateur"
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)

0
Réponse 2 / 47
stepheve
 
merci à toi de ton aide,je m'en doutais un peu,voici le rapport

-----------\\ ToolBar S&D 1.2.5 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.00GHz )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : stéphanie ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:113 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:112 Go (Free:68 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB) - FAT - Total:957 Mo (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
Option : [1] ( 25/11/2008|16:35 )

[ UAC => 1 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\ContextEnhancer
C:\Program Files\ContextEnhancer\ContextEnhancer.dat
C:\Program Files\ContextEnhancer\pcre3.dll
C:\Program Files\ContextEnhancer\uninstall.exe
C:\Program Files\FBrowserAdvisor
C:\Program Files\FBrowsingAdvisor
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt
C:\Program Files\FBrowsingAdvisor\Logo.png
C:\Program Files\FBrowsingAdvisor\main.db
C:\Program Files\FBrowsingAdvisor\unins000.dat
C:\Program Files\FBrowsingAdvisor\unins000.exe
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\PlayMP3z
C:\Program Files\VMNToolbar
C:\Program Files\VMNToolbar\uninstall.exe
C:\Program Files\VMNToolbar\vmntoolbar.dll.old33
C:\Program Files\VVSN
C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Local Page"="C:\\Windows\\system32\\blank.htm"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Start Page"="https://home.sweetim.com/"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\STPHAN~1\AppData\Roaming\Microsoft\Windows\Recent\Paint Cracks 7.iqp.lnk
C:\Users\STPHAN~1\AppData\Roaming\Microsoft\Windows\Recent\Paint_Shop_Pro_11.20_crack_pifoman.zip.lnk
C:\Users\STPHAN~1\AppData\Roaming\Microsoft\Windows\Recent\Paint_Shop_Pro_X_crack_pifoman.zip.lnk
C:\Users\STPHAN~1\Incomplete\E5TTV7Q4B4X2GLERTP2DFVDO44G5LYG3\PhotoFiltre.Studio.9.2.1.CORE - [PeerDen]\Photofiltre Studio 9.2.1.CORE\keygen
C:\Users\STPHAN~1\Incomplete\E5TTV7Q4B4X2GLERTP2DFVDO44G5LYG3\PhotoFiltre.Studio.9.2.1.CORE - [PeerDen]\Photofiltre Studio 9.2.1.CORE\keygen\CORE.NFO
C:\Users\STPHAN~1\Incomplete\E5TTV7Q4B4X2GLERTP2DFVDO44G5LYG3\PhotoFiltre.Studio.9.2.1.CORE - [PeerDen]\Photofiltre Studio 9.2.1.CORE\keygen\CORE10k.EXE
C:\Users\STPHAN~1\Incomplete\E5TTV7Q4B4X2GLERTP2DFVDO44G5LYG3\PhotoFiltre.Studio.9.2.1.CORE - [PeerDen]\Photofiltre Studio 9.2.1.CORE\keygen\file_id.diz
C:\Users\STPHAN~1\Incomplete\E5TTV7Q4B4X2GLERTP2DFVDO44G5LYG3\PhotoFiltre.Studio.9.2.1.CORE - [PeerDen]\Photofiltre Studio 9.2.1.CORE\keygen\keygen.exe

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 25/11/2008|16:36 - Option : [1]

-----------\\ Fin du rapport a 16:36:09,78
0
Réponse 3 / 47
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
Et moi je me doutais un peu que le rapport indiquerait des cracks... Pas étonnant que ton ordinateur soit infecté ! Les cracks installent très souvent des infections : https://forum.malekal.com/viewtopic.php?f=33&t=893
Il faut les bannir complément... Si tu ne les supprimes pas, inutile de continuer la désinfection, les cracks et keygens réinfecteront ton ordinateur sans arrêt !

C'est dommage, parce que PhotoFiltre existe en version gratuite, et je suppose qu'il y a des équivalents gratuits à Paint Shop Pro...

---> Télécharge OTMoveIt3 (de OldTimer) sur ton Bureau : http://oldtimer.geekstogo.com/OTMoveIt3.exe
---> Double-clique sur OTMoveIt3.exe afin de le lancer.
---> Copie/colle le texte suivant dans le cadre « Paste Instructions for Items to be Moved » et clique sur Moveit :

:processes
explorer.exe

:files
C:\Users\STPHAN~1\AppData\Roaming\Microsoft\Windows\Recent\Paint Cracks 7.iqp.lnk
C:\Users\STPHAN~1\AppData\Roaming\Microsoft\Windows\Recent\Paint_Shop_Pro_11.20_crack_pifoman.zip.lnk
C:\Users\STPHAN~1\AppData\Roaming\Microsoft\Windows\Recent\Paint_Shop_Pro_X_crack_pifoman.zip.lnk
C:\Users\STPHAN~1\Incomplete\E5TTV7Q4B4X2GLERTP2DFVDO44G5LYG3\PhotoFiltre.Studio.9.2.1.CORE - [PeerDen]\Photofiltre Studio 9.2.1.CORE\keygen
C:\Users\STPHAN~1\Incomplete\E5TTV7Q4B4X2GLERTP2DFVDO44G5LYG3\PhotoFiltre.Studio.9.2.1.CORE - [PeerDen]\Photofiltre Studio 9.2.1.CORE\keygen\CORE.NFO
C:\Users\STPHAN~1\Incomplete\E5TTV7Q4B4X2GLERTP2DFVDO44G5LYG3\PhotoFiltre.Studio.9.2.1.CORE - [PeerDen]\Photofiltre Studio 9.2.1.CORE\keygen\CORE10k.EXE
C:\Users\STPHAN~1\Incomplete\E5TTV7Q4B4X2GLERTP2DFVDO44G5LYG3\PhotoFiltre.Studio.9.2.1.CORE - [PeerDen]\Photofiltre Studio 9.2.1.CORE\keygen\file_id.diz
C:\Users\STPHAN~1\Incomplete\E5TTV7Q4B4X2GLERTP2DFVDO44G5LYG3\PhotoFiltre.Studio.9.2.1.CORE - [PeerDen]\Photofiltre Studio 9.2.1.CORE\keygen\keygen.exe

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles
Le nom du rapport correspond au moment de sa création : date_heure.log

0
Réponse 4 / 47
stepheve Messages postés 12 Statut Membre
 
je me suis acharné à installer paint shop pro et meme la version d'eval ne voulait pas s'installer,donc c vrai que j'ai cherché les cracks mais bon impossible de l'avoir,je fais de s uite ce que tu me demandes,merci encore
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 47
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
Une fois les craks supprimés, fais un clic-droit sur le raccourci Toolbar-S&D sur le Bureau et choisis "Exécuter en tant qu'administrateur"
Tape sur "2" puis valide en appuyant sur "Entrée".

! Ne ferme pas la fenêtre lors de la suppression !

Un rapport sera généré, poste son contenu ici.

0
Réponse 6 / 47
stepheve
 
voici le premier rapport demandé

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Users\STPHAN~1\AppData\Roaming\Microsoft\Windows\Recent\Paint Cracks 7.iqp.lnk moved successfully.
C:\Users\STPHAN~1\AppData\Roaming\Microsoft\Windows\Recent\Paint_Shop_Pro_11.20_crack_pifoman.zip.lnk moved successfully.
C:\Users\STPHAN~1\AppData\Roaming\Microsoft\Windows\Recent\Paint_Shop_Pro_X_crack_pifoman.zip.lnk moved successfully.
C:\Users\STPHAN~1\Incomplete\E5TTV7Q4B4X2GLERTP2DFVDO44G5LYG3\PhotoFiltre.Studio.9.2.1.CORE - [PeerDen]\Photofiltre Studio 9.2.1.CORE\keygen moved successfully.
File/Folder C:\Users\STPHAN~1\Incomplete\E5TTV7Q4B4X2GLERTP2DFVDO44G5LYG3\PhotoFiltre.Studio.9.2.1.CORE - [PeerDen]\Photofiltre Studio 9.2.1.CORE\keygen\CORE.NFO not found.
File/Folder C:\Users\STPHAN~1\Incomplete\E5TTV7Q4B4X2GLERTP2DFVDO44G5LYG3\PhotoFiltre.Studio.9.2.1.CORE - [PeerDen]\Photofiltre Studio 9.2.1.CORE\keygen\CORE10k.EXE not found.
File/Folder C:\Users\STPHAN~1\Incomplete\E5TTV7Q4B4X2GLERTP2DFVDO44G5LYG3\PhotoFiltre.Studio.9.2.1.CORE - [PeerDen]\Photofiltre Studio 9.2.1.CORE\keygen\file_id.diz not found.
File/Folder C:\Users\STPHAN~1\Incomplete\E5TTV7Q4B4X2GLERTP2DFVDO44G5LYG3\PhotoFiltre.Studio.9.2.1.CORE - [PeerDen]\Photofiltre Studio 9.2.1.CORE\keygen\keygen.exe not found.
========== COMMANDS ==========
File delete failed. C:\Users\STPHAN~1\AppData\Local\Temp\etilqs_oXSe32l31JFH7xwxDIfw scheduled to be deleted on reboot.
File delete failed. C:\Users\STPHAN~1\AppData\Local\Temp\~DF426D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\STPHAN~1\AppData\Local\Temp\~DFDE1B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\STPHAN~1\AppData\Local\Temp\~DFE0B8.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\STPHAN~1\AppData\Local\Temp\~DFEE38.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\ZUM690A.tmp\upgrade.exe scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ZUM3F9E.tmp\upgrade.exe scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ZUM3BA5.tmp\upgrade.exe scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\MpCmdRun.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\MpSigStub.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\osversion.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\osversionwap.txt scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Users\stéphanie\AppData\Local\Mozilla\Firefox\Profiles\k0u2daf0.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\stéphanie\AppData\Local\Mozilla\Firefox\Profiles\k0u2daf0.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\stéphanie\AppData\Local\Mozilla\Firefox\Profiles\k0u2daf0.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\stéphanie\AppData\Local\Mozilla\Firefox\Profiles\k0u2daf0.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\stéphanie\AppData\Local\Mozilla\Firefox\Profiles\k0u2daf0.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\stéphanie\AppData\Local\Mozilla\Firefox\Profiles\k0u2daf0.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11252008_173148
0
Réponse 7 / 47
stepheve
 
et voici le rapport de toolbar

-----------\\ ToolBar S&D 1.2.5 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.00GHz )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : stéphanie ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:113 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:112 Go (Free:68 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB) - FAT - Total:957 Mo (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
Option : [2] ( 25/11/2008|17:43 )

[ UAC => 1 ]

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\ContextEnhancer\ContextEnhancer.dat
Supprime! - C:\Program Files\ContextEnhancer\pcre3.dll
Supprime! - C:\Program Files\ContextEnhancer\uninstall.exe
Supprime! - C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt
Supprime! - C:\Program Files\FBrowsingAdvisor\Logo.png
Supprime! - C:\Program Files\FBrowsingAdvisor\main.db
Supprime! - C:\Program Files\FBrowsingAdvisor\unins000.dat
Supprime! - C:\Program Files\FBrowsingAdvisor\unins000.exe
Supprime! - C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll
Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\PlayMP3z
Supprime! - C:\Program Files\VMNToolbar\uninstall.exe
Supprime! - C:\Program Files\VMNToolbar\vmntoolbar.dll.old33
Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
Supprime! - C:\Program Files\ContextEnhancer
Supprime! - C:\Program Files\FBrowserAdvisor
Supprime! - C:\Program Files\FBrowsingAdvisor
Supprime! - C:\Program Files\VMNToolbar
Supprime! - C:\Program Files\VVSN

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Local Page"="C:\\Windows\\system32\\blank.htm"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 25/11/2008|16:36 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 25/11/2008|17:44 - Option : [2]

-----------\\ Fin du rapport a 17:44:47,62
0
Réponse 8 / 47
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
Tu supprimeras manuellement les cracks qui se trouvent dans ce dossier stp :
C:\Users\STPHAN~1\Incomplete

(Menu démarrer --> Ordinateur --> Disque C --> Utilisateurs --> Stephane --> Incomplete)

Ensuite, passe à Toolbar S&D comme indiqué juste au dessus

0
Réponse 9 / 47
stepheve
 
voici le rapport

-----------\\ ToolBar S&D 1.2.5 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.00GHz )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : stéphanie ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:113 Go (Free:27 Go)
D:\ (Local Disk) - NTFS - Total:112 Go (Free:68 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB) - FAT - Total:957 Mo (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
Option : [2] ( 25/11/2008|17:52 )

[ UAC => 1 ]

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Local Page"="C:\\Windows\\system32\\blank.htm"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 25/11/2008|16:36 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 25/11/2008|17:44 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - 25/11/2008|17:52 - Option : [2]

-----------\\ Fin du rapport a 17:52:24,00
0
Réponse 10 / 47
stepheve
 
j'ai aussi un soucis dont je dois vous parlez mais je ne sais pas dans quel categorie poster,depuis que j'ai mon ordi,il deconne,je n'ai jamais retrouvé la facture pour le ramener au SAV ,en faite mon ordi se bloque d'un coup,je suis obligé d'attendre qu'il se debloque ou faire redemarrage,tout devient fixe,je ne sais pas de quoi ca vient,peut tu me dire ou je pourrais demander de l'aide ou meme toi si tu serais de quoi ça provient?
0
Réponse 11 / 47
stepheve
 
roooooc'est énervant je suis tout le temp déconnecté sur les forums qu'avant ça le faisait pas
0
Réponse 12 / 47
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
Pour finir la désinfection :

Télécharge et installe Malwarebytes' Anti-Malware
- A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
- Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)
- Puis va dans l'onglet "Recherche", coche "Exécuter un examen rapide" puis "Rechercher"
- Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
- A la fin du scan, clique sur Afficher les résultats
- Coche tous les éléments détectés puis clique sur Supprimer la sélection
- Enregistre le rapport
- S'il t'est demandé de redémarrer, clique sur Yes

Poste le rapport de scan après la suppression ici

Poste ensuite un nouveau rapport hijackthis.

Sinon, pour ton problème sur les forums, c'est peut-être un problème de cookies, rappelle moi de t'aider pour ça après la désinfection.

Pour le SAV, le magasin où tu as acheté l'ordinateur doit pouvoir t'aider sans ça, tous les achats sont enregistrés à la trésorerie, demande leur de te founir un duplicata ou autre justificatif pour faire marcher la garantie...

0
Réponse 13 / 47
stepheve
 
voici le premier rapport

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1423
Windows 6.0.6001 Service Pack 1

25/11/2008 22:47:46
mbam-log-2008-11-25 (22-47-46).txt

Type de recherche: Examen rapide
Eléments examinés: 44044
Temps écoulé: 3 minute(s), 43 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\optimizer.adssite2 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\optimizer.adssite2.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{81b7f2df-3427-4704-b441-f74a4de94ce1} (Adware.Rightonadz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf0a1ff4-bbaf-487f-bc85-a24ef8f443a8} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2ed7cd5f-aee2-4b09-82f4-c96eb7c02c87} (Adware.Rightonadz) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\adssite (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adssite (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c523be7-3eb3-4fd5-87d1-fc95e65aa763} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7c523be7-3eb3-4fd5-87d1-fc95e65aa763} (Adware.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
C:\Windows\System32\winja75.dll (Adware.BHO) -> Quarantined and deleted successfully.
0
Réponse 14 / 47
stepheve
 
et le rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:01, on 25/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\VM_STI.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\SysMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ulead Systems\Autodetector\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\STK014_V2.01\STK014M.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Mirar - {7C523BE7-3EB3-4FD5-87D1-FC95E65AA763} - C:\Windows\system32\winja75.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Mirar - {7C523BE6-3EB3-4FD5-87D1-FC95E65AA763} - C:\Windows\system32\winja75.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Users\STPHAN~1\AppData\Local\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe -startup -product IncrediMail
O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: STK014 PNP Monitor.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll (file missing)
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Groom - {66F83792-DAE1-4823-8F20-ADA94B33A4FF} - C:\Users\stéphanie\Toox\Groom\Groom.exe (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
0
Réponse 15 / 47
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
Scan saved at 12:10:01, on 25/11/2008

==> il me faut un scan récent stp ;)
Pour lancer hijackthis, fais un clic-droit et choisis "Exécuter en temps qu'administrateur"

Ensuite, télécharge Ad-Remover (de C_XX) sur ton Bureau.

/!\ Déconnecte toi et ferme toutes les applications en cours /!\

● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-remover située sur ton Bureau
● Au menu principal choisis l'option "A"
● Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report(date).log )

0
Réponse 16 / 47
stepheve
 
oups désolée

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:31, on 25/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\VM_STI.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\SysMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ulead Systems\Autodetector\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\STK014_V2.01\STK014M.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Mirar - {7C523BE6-3EB3-4FD5-87D1-FC95E65AA763} - C:\Windows\system32\winja75.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Users\STPHAN~1\AppData\Local\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe -startup -product IncrediMail
O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: STK014 PNP Monitor.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll (file missing)
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Groom - {66F83792-DAE1-4823-8F20-ADA94B33A4FF} - C:\Users\stéphanie\Toox\Groom\Groom.exe (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
0
Réponse 17 / 47
stepheve
 
je viens de faire ce que tu m'as dit avec ad removed et ça a dit acces refusé
0
Réponse 18 / 47
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
C'est ma faute, j'ai oublié que tu étais sous Vista...

Avant d'utiliser Ad-Remover, il faut désactiver le contrôle des comptes utilisateurs :
Menu démarrer --> panneau de configuration --> comptes utilisateurs --> activer ou désactiver le controle des comptes utilisateur --> décoche la case "utiliser le contrôle....." Puis redémarre ton ordinateur.

Ensuite, lance Ad-Remover en faisant un clic-droit sur le raccourci présent sur ton bureau et en choisissant "Exécuter en tant qu'administrateur"

0
Réponse 19 / 47
stepheve
 
voila c fait,mon ordi est resté bloqué encore un moment quand j'ai fait ça

F --------- Logfile of AD-Remover 1.0.4.4 by C_XX ---------

START at: 10:30:41 | 26/11/2008
ON: Microsoft Windows [version 6.0.6001] ( Windows Vista )
Internet Explorer: 7.0.6001.18000
OPTION: Scan
EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
USER: st‚phanie | PC: PC-DE-STPHANIE
BOOT MODE: Normal
UAC is disable
DRIVE(S): C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\
~> Systemdrive: C:\

--------- [ PROCESSES ] ---------

\SystemRoot\System32\smss.exe [452]
C:\Windows\system32\csrss.exe [520]
C:\Windows\system32\wininit.exe [572]
C:\Windows\system32\csrss.exe [580]
C:\Windows\system32\services.exe [620]
C:\Windows\system32\winlogon.exe [676]
C:\Windows\system32\lsass.exe [688]
C:\Windows\system32\lsm.exe [696]
C:\Windows\system32\svchost.exe [840]
C:\Windows\system32\svchost.exe [900]
C:\Windows\System32\svchost.exe [940]
C:\Windows\system32\Ati2evxx.exe [992]
C:\Windows\System32\svchost.exe [1012]
C:\Windows\System32\svchost.exe [1084]
C:\Windows\system32\svchost.exe [1100]
C:\Windows\system32\SLsvc.exe [1240]
C:\Windows\system32\svchost.exe [1284]
C:\Windows\system32\svchost.exe [1460]
C:\Windows\system32\Ati2evxx.exe [1568]
C:\Windows\System32\spoolsv.exe [1800]
C:\Windows\system32\taskeng.exe [1864]
C:\Windows\system32\Dwm.exe [1884]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [1908]
C:\Windows\system32\svchost.exe [1932]
C:\Windows\Explorer.EXE [1960]
C:\Program Files\Windows Defender\MSASCui.exe [1500]
C:\Windows\system32\taskeng.exe [1488]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [1604]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [1952]
C:\Windows\VM_STI.EXE [2028]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2044]
C:\Windows\System32\SysMonitor.exe [2012]
C:\Windows\RtHDVCpl.exe [260]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [284]
C:\Program Files\iTunes\iTunesHelper.exe [304]
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE [496]
C:\Program Files\Common Files\Ulead Systems\Autodetector\Monitor.exe [1096]
C:\Program Files\Windows Sidebar\sidebar.exe [328]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2068]
C:\Windows\ehome\ehtray.exe [2160]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2188]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2200]
C:\Program Files\STK014_V2.01\STK014M.exe [2216]
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2228]
C:\Windows\ehome\ehmsas.exe [2368]
C:\PROGRA~1\INCRED~1\bin\IMApp.exe [2544]
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE [2684]
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE [2796]
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [3192]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [3276]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [3296]
C:\Program Files\Common Files\LightScribe\LSSrvc.exe [3348]
C:\Windows\system32\PSIService.exe [3488]
C:\Program Files\CyberLink\Shared Files\RichVideo.exe [3592]
C:\Windows\system32\svchost.exe [3660]
C:\Windows\system32\SearchIndexer.exe [3708]
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [3748]
C:\Windows\system32\WUDFHost.exe [3944]
C:\Windows\system32\wbem\wmiprvse.exe [1584]
C:\Program Files\iPod\bin\iPodService.exe [3144]
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2564]
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [3012]
C:\Program Files\Windows Live\Messenger\usnsvc.exe [2024]
C:\Program Files\Mozilla Firefox\firefox.exe [5040]
C:\Windows\system32\conime.exe [4964]

---------------------------- [~> 65]

+---------------------------------------------------------------------------+
+------------------------------- SERVICES FOUND
+---------------------------------------------------------------------------+

+---------------------------------------------------------------------------+
+------------------------------- REGISTRY ELEMENTS FOUND
+---------------------------------------------------------------------------+

"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\SWEETIE"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\310EAEEA1F2951542B8731F9A196A253"
"HKEY_LOCAL_MACHINE\SOFTWARE\Macrogaming"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"

+---------------------------------------------------------------------------+
+------------------------------- FILES\FOLDERS FOUND
+---------------------------------------------------------------------------+

[15/09/2007 21:21|d--------] C:\Program Files\EoRezo
[15/09/2007 21:21|d--------] C:\Users\st‚phanie\AppData\Roaming\EoRezo
[18/12/2007 21:13|d--------] C:\Program Files\Macrogaming

+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\k0u2daf0.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.4 ~~~~

Start Page : "http://mystart.magentic.com/french/"

+----------+

+---------------------------------------------------------------------------+

+---------- Added scan ...

+-----[HKLM\...\Run]

Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
ATICCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
TkBellExe REG_SZ "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
BigDogPath REG_SZ C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
Acer Empowering Technology Monitor REG_SZ C:\Windows\system32\SysMonitor.exe
Adobe Photo Downloader REG_SZ "C:\Program Files\Adobe\Photoshop Album Edition D‚couverte\3.0\Apps\apdproxy.exe"
RtHDVCpl REG_SZ RtHDVCpl.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
zzz_ImInstaller_IncrediMail REG_SZ C:\Users\STPHAN~1\AppData\Local\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe -startup -product IncrediMail
trioService REG_SZ "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "
Ulead AutoDetector v2 REG_SZ C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

+-----[HKCU\...\Run]

Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
IncrediMail REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe /c
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe

+-----[HKLM\...\Internet Explorer\MAIN]

Start Page : hxxp://www.msn.com/

+-----[HKCU\...\Internet Explorer\MAIN]

Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157

+---------------------------------------------------------------------------+
+------------------------------- [ EOF - 156 lines ]
+---------------------------------------------------------------------------+

[ END at: 10:30:51 | 26/11/2008 ] - [ Time elapsed: 10.6 seconds ]
0
Réponse 20 / 47
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
! Déconnectes toi et fermes toutes applications en cours !

Relance "Ad-remover".
Au menu principal choisis l'option "B" .

Coche à l'écran de sélection :

Suppression Eorezo

Puis choisis "S" , le programme va travailler,

Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report(date).log )

0

Discussions similaires

Meilleure application pour nettoyer IPhone et photos
Berline -
Berline -

3 réponses
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses