POP UP =@

Lamiss92 -  
 LadyNana -
Bonjour,
jespere que quelqun peut maider car jai tout le temps des pop up qui saffichent sur mon ordi
et pourtant jai mis un anitivirus, jai désactiver les fenetres intempestives et voilaa
Merci de votre aide
Configuration: Windows XP
Internet Explorer 7.0

43 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Le problème concerne des pop-ups persistants sur Windows XP avec Internet Explorer 7, probablement liés à une infection ou à des barres d’outils indésirables. Des outils de détection et de suppression comme Malwarebytes et HijackThis sont recommandés pour cibler les composants malveillants et générer des rapports permettant l’action corrective, le redémarrage pouvant être nécessaire. Le diagnostic HijackThis révèle de nombreuses entrées suspectes dans les BHOs et les démarrages, nécessitant l’élimination des programmes indésirables tels que les barres d’outils et les services associées. En priorité, supprimer AskToolbar via le Panneau de configuration et nettoyer les modifications des pages d’accueil et de moteur de recherche, puis relancer le système pour finaliser la correction.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. ric025
     
    Salut!

    Peut-être une infection. Fais ceci:

    Télécharge d'abord cet outil qui va permettre de cibler l'infection:

    hijackthis

    Installe-le dans son dossier par défaut et lance-le.

    Choisis l'option "Do a system scan and save a Logfile".

    Copie/colle alors le rapport généré dans ta prochaine réponse. Si je détecte une infection, je te fais passer sur le forum virus/sécurité.

    A++ ;)
    1
    1. Lamiss92
       
      le rapport ce qui est ds le bloc note ?
      0
  2. g.chinal Messages postés 1151 Date d'inscription   Statut Membre Dernière intervention   76
     
    Salut vla un bon navigateur il bloque bien les po-up essay ^^
    http://www.mozilla-europe.org/fr/firefox/
    0
  3. ric025
     
    Tout à fait. Copie/colle-le en entier, s'il te plait.
    0
    1. Lamiss92
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:52:01, on 17/12/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
      C:\Program Files\EoRezo\EoEngine.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\Program Files\CDBurnerXP\NMSAccessU.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\IoctlSvc.exe
      C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\eMule\emule.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {06DF596B-3170-4F07-BE10-86E31456BC56} - C:\WINDOWS\system32\wvUkKbBR.dll (file missing)
      O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
      O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
      O2 - BHO: (no name) - {C39E3B47-23C0-4FC6-A982-D4315B378F12} - C:\WINDOWS\system32\xxyvVlIX.dll (file missing)
      O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
      O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
      O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
      O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
      O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\N@N@.ANAIS\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{7D5AA554-5DDC-45D7-9590-FD04B2FCF0E1}: NameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\..\{827676D7-A3CD-44E0-B170-5DD625221768}: NameServer = 192.168.1.1
      O20 - Winlogon Notify: wvUkKbBR - wvUkKbBR.dll (file missing)
      O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
      O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      0
  4. g.chinal Messages postés 1151 Date d'inscription   Statut Membre Dernière intervention   76
     
    Cool comme sa jvais apprendre a men servir moi aussi xD
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ric025
     
    Lamiss92 -->

    As-tu été désinfectée récemment?

    eorezo--> Pas très bon.

    En fait, on vérifier d'abord quelque chose:

    Commence par ceci:

    Télécharge malwarebytes

    Installe-le en veillant bien à ce que la case de mise à jour soit cochée en fin d'installation.

    Lance-le et après la mise à jour, coche la case "Examen Rapide".

    Après le scan, si le programme trouve quelque chose, clique sur "Voir les résultats" puis sur "Supprimer la sélection"
    .
    Si MBAM te demande de rebooter pour finaliser la suppression, accepte.

    Poste ensuite le rapport généré dans ta prochaine réponse.

    A+
    0
    1. Lamiss92
       
      non pas désinfecté
      je tenvoie tout ça =)
      0
    2. Lamiss92
       
      c'est normal que la recherche dure longtemps ?
      ça fait 11 minutes et quelques
      0
    3. Lamiss92
       
      Malwarebytes' Anti-Malware 1.31
      Version de la base de données: 1511
      Windows 5.1.2600 Service Pack 2

      17/12/2008 14:18:23
      mbam-log-2008-12-17 (14-18-23).txt

      Type de recherche: Examen rapide
      Eléments examinés: 76968
      Temps écoulé: 19 minute(s), 23 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 15
      Valeur(s) du Registre infectée(s): 1
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 13
      Fichier(s) infecté(s): 13

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06df596b-3170-4f07-be10-86e31456bc56} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvukkbbr (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{06df596b-3170-4f07-be10-86e31456bc56} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{06df596b-3170-4f07-be10-86e31456bc56} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{06df596b-3170-4f07-be10-86e31456bc56} (Trojan.Vundo) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\Documents and Settings\N@N@.ANAIS\Application Data\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
      C:\Documents and Settings\N@N@.ANAIS\Application Data\WinIFixer.com\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
      C:\Documents and Settings\N@N@.ANAIS\Application Data\WinIFixer.com\WinIFixer\Quarantine (Rogue.WinIFixer) -> Quarantined and deleted successfully.
      C:\Documents and Settings\N@N@.ANAIS\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun (Rogue.WinIFixer) -> Quarantined and deleted successfully.
      C:\Documents and Settings\N@N@.ANAIS\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU (Rogue.WinIFixer) -> Quarantined and deleted successfully.
      C:\Documents and Settings\N@N@.ANAIS\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
      C:\Documents and Settings\N@N@.ANAIS\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM (Rogue.WinIFixer) -> Quarantined and deleted successfully.
      C:\Documents and Settings\N@N@.ANAIS\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
      C:\Documents and Settings\N@N@.ANAIS\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.WinIFixer) -> Quarantined and deleted successfully.
      C:\Documents and Settings\N@N@.ANAIS\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.WinIFixer) -> Quarantined and deleted successfully.
      C:\Documents and Settings\N@N@.ANAIS\Application Data\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects (Rogue.WinIFixer) -> Quarantined and deleted successfully.
      C:\Documents and Settings\N@N@.ANAIS\Application Data\WinIFixer.com\WinIFixer\Quarantine\Packages (Rogue.WinIFixer) -> Quarantined and deleted successfully.
      C:\Documents and Settings\N@N@.ANAIS\Local Settings\Temp\ac8zt2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\WINDOWS\system32\wvUkKbBR.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ctfmona.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Documents and Settings\N@N@.ANAIS\Local Settings\Temp\nsq8C.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Documents and Settings\N@N@.ANAIS\Local Settings\Temp\ac8zt2\install.bat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Documents and Settings\N@N@.ANAIS\Local Settings\Temp\ac8zt2\mpfanvqg.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Documents and Settings\N@N@.ANAIS\Local Settings\Temp\ac8zt2\oadkxrts.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ljJDWOed.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ctfmonb.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
      C:\Documents and Settings\N@N@.ANAIS\Application Data\Microsoft\Internet Explorer\Quick Launch\WinIFixer.lnk (Rogue.WinIFixer) -> Quarantined and deleted successfully.












      Il me demande de redémarrer mon ordi
      et ça me dit que certains elements nont pas pu se supprimer
      0
  7. g.chinal Messages postés 1151 Date d'inscription   Statut Membre Dernière intervention   76
     
    eorezo sa balance des virus de partout c c**
    0
  8. ric025
     
    Tout à fait normal. Et encore, tu fais un examen rapide. L'examen complet peut durer plus d'une heure.
    0
  9. ric025
     
    Ok! C'est bien ce qu'il me semblait!

    Il me demande de redémarrer mon ordi --> Tu as redémarré le pc?

    Si non, fais-le. Si oui, fais la suite:

    Relance MBAM (malwarebytes), va dans l'onglet "quarantaine" et supprime tout.

    Relance hijackthis comme tout à l'heure et poste moi un rapport tout frais stp.

    A+
    0
  10. Lamiss92
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:32:28, on 17/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\EoRezo\EoEngine.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: (no name) - {C39E3B47-23C0-4FC6-A982-D4315B378F12} - C:\WINDOWS\system32\xxyvVlIX.dll (file missing)
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
    O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\N@N@.ANAIS\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7D5AA554-5DDC-45D7-9590-FD04B2FCF0E1}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{827676D7-A3CD-44E0-B170-5DD625221768}: NameServer = 192.168.1.1
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    0
  11. ric025
     
    Ok! Parfait!

    La suite:

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.

    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    Lance l'installation du programme en exécutant le fichier téléchargé.
    Double-clique maintenant sur le raccourci de Toolbar-S&D.
    Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.

    Poste le rapport généré. (C:\TB.txt)
    0
    1. Lamiss92
       
      -----------\\ ToolBar S&D 1.2.6 XP/Vista

      Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
      X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
      BIOS : Phoenix - AwardBIOS v6.00PG
      USER : N@N@ ( Administrator )
      BOOT : Normal boot
      Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
      C:\ (Local Disk) - NTFS - Total:142 Go (Free:27 Go)
      E:\ (USB)
      F:\ (USB)
      G:\ (USB)
      H:\ (Local Disk) - FAT32 - Total:6 Go (Free:1 Go)
      I:\ (CD or DVD)
      J:\ (USB)

      "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
      Option : [1] ( 17/12/2008|14:45 )

      -----------\\ Recherche de Fichiers / Dossiers ...

      C:\DOCUME~1\N@N@~1.ANA\LOCALS~1\Temp\NERO13895\Toolbar.exe
      C:\DOCUME~1\N@N@~1.ANA\LOCALS~1\Temp\NERO14754\Toolbar.exe
      C:\DOCUME~1\N@N@~1.ANA\LOCALS~1\Temp\NERO14803\Toolbar.exe
      C:\Program Files\AskTBar
      C:\Program Files\AskTBar\bar
      C:\Program Files\AskTBar\PopSwatr
      C:\Program Files\AskTBar\SrchAstt
      C:\Program Files\AskTBar\bar\1.bin
      C:\Program Files\AskTBar\bar\Cache
      C:\Program Files\AskTBar\bar\History
      C:\Program Files\AskTBar\bar\Settings
      C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL
      C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
      C:\Program Files\AskTBar\bar\Cache\0007B91C
      C:\Program Files\AskTBar\bar\Cache\0007D0AB
      C:\Program Files\AskTBar\bar\Cache\0007D213.bin
      C:\Program Files\AskTBar\bar\Cache\0007D4D2.bin
      C:\Program Files\AskTBar\bar\Cache\0007D6F5.bin
      C:\Program Files\AskTBar\bar\Cache\files.ini
      C:\Program Files\AskTBar\bar\History\search2
      C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm
      C:\Program Files\AskTBar\PopSwatr\History
      C:\Program Files\AskTBar\PopSwatr\History\notallow
      C:\Program Files\AskTBar\SrchAstt\1.bin
      C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
      C:\DOCUME~1\N@N@~1.ANA\LOCALS~1\Temp\ICD1.tmp
      C:\DOCUME~1\N@N@~1.ANA\LOCALS~1\Temp\nsxB4.tmp

      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Start Page"="http://lo.st#home"
      "Url"="http://www.microsoft.com/athome/community/rss.xml"
      "Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
      "Url"="http://www.microsoft.com/atwork/community/rss.xml"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


      --------------------\\ Recherche d'autres infections

      C:\WINDOWS\system32\XIlVvyxx.ini
      C:\WINDOWS\system32\XIlVvyxx.ini2
      [b]==> VUNDO <==/b




      1 - "C:\ToolBar SD\TB_1.txt" - 17/12/2008|14:46 - Option : [1]

      -----------\\ Fin du rapport a 14:46:55,07
      0
  12. ric025
     
    Ok! Relance-le et choisis l'option 2 qui est celle du nettoyage. Poste le rapport s'il te plait. Et fais suivre par un nouvel hijackthis.

    Comme tu vois, tu es effectivement infectée! ;)
    0
    1. Lamiss92
       
      daccord =s
      je ferais tout ça a mon retour je dois mabsentée
      Merci en tout cas et donc je continuerai ça tout a lheure
      a+
      0
  13. ric025
     
    Pas de soucis! Il restera encore des petites choses à supprimer.

    A++ ;))
    0
    1. Lamiss92
       
      -----------\\ ToolBar S&D 1.2.6 XP/Vista

      Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
      X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
      BIOS : Phoenix - AwardBIOS v6.00PG
      USER : N@N@ ( Administrator )
      BOOT : Normal boot
      Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
      C:\ (Local Disk) - NTFS - Total:142 Go (Free:27 Go)
      E:\ (USB)
      F:\ (USB)
      G:\ (USB)
      H:\ (Local Disk) - FAT32 - Total:6 Go (Free:1 Go)
      I:\ (CD or DVD)
      J:\ (USB)

      "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
      Option : [2] ( 17/12/2008|16:21 )

      -----------\\ SUPPRESSION

      Supprime! - C:\DOCUME~1\N@N@~1.ANA\LOCALS~1\Temp\NERO13895\Toolbar.exe
      Supprime! - C:\DOCUME~1\N@N@~1.ANA\LOCALS~1\Temp\NERO14754\Toolbar.exe
      Supprime! - C:\DOCUME~1\N@N@~1.ANA\LOCALS~1\Temp\NERO14803\Toolbar.exe
      Supprime! - C:\Program Files\AskTBar\bar
      Supprime! - C:\Program Files\AskTBar\PopSwatr
      Supprime! - C:\Program Files\AskTBar\SrchAstt
      Supprime! - C:\DOCUME~1\N@N@~1.ANA\LOCALS~1\Temp\ICD1.tmp
      Supprime! - C:\DOCUME~1\N@N@~1.ANA\LOCALS~1\Temp\nsxB4.tmp
      Supprime! - C:\Program Files\AskTBar

      -----------\\ Recherche de Fichiers / Dossiers ...


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Start Page"="http://lo.st#home"
      "Url"="http://www.microsoft.com/athome/community/rss.xml"
      "Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
      "Url"="http://www.microsoft.com/atwork/community/rss.xml"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Start Page"="https://www.msn.com/fr-fr/"


      --------------------\\ Recherche d'autres infections

      C:\WINDOWS\system32\XIlVvyxx.ini
      C:\WINDOWS\system32\XIlVvyxx.ini2
      [b]==> VUNDO <==/b




      1 - "C:\ToolBar SD\TB_1.txt" - 17/12/2008|14:46 - Option : [1]
      2 - "C:\ToolBar SD\TB_2.txt" - 17/12/2008|16:23 - Option : [2]

      -----------\\ Fin du rapport a 16:23:50,37
      0
  14. Lamiss92
     
    Me revoila je tenvoie le rapport de loption 2 et de hijackthis
    0
  15. ric025
     
    Ok!
    0
    1. Lamiss92
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:25:30, on 17/12/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
      C:\Program Files\EoRezo\EoEngine.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\CDBurnerXP\NMSAccessU.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\IoctlSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
      C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
      O2 - BHO: (no name) - {C39E3B47-23C0-4FC6-A982-D4315B378F12} - C:\WINDOWS\system32\xxyvVlIX.dll (file missing)
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
      O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
      O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
      O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
      O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\N@N@.ANAIS\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{7D5AA554-5DDC-45D7-9590-FD04B2FCF0E1}: NameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\..\{827676D7-A3CD-44E0-B170-5DD625221768}: NameServer = 192.168.1.1
      O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
      O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      0
  16. ric025
     
    Bien, la suite:

    Télécharge AD-Remover (de Cyrildu17 / C_XX) sur ton Bureau.

    /!\ Déconnecte-toi et ferme toutes applications en cours /!\

    Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).
    Clique droit sur l'icône Ad-remover située sur ton Bureau et choisis Exécuter en tant qu'administrateur.

    Au menu principal, choisis l'option "A".

    Poste le rapport qui apparaît à la fin.

    (Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)
    -----------------------------------------
    Info:
    "Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    0
    1. Lamiss92
       
      excuse moi mais c'est lequel ad remover ?
      0
  17. ric025
     
    Clique sur son nom en bleu dans mon post 24.
    0
    1. Lamiss92
       
      oui mais aprés ya plusieurs site dedans
      0
    2. Lamiss92
       
      comment te montrer le rapport aprés tout ça
      0
  18. Lamiss92
     
    c'est bon jai trouver xD

    --------- Logfile of AD-Remover 1.0.7.7 by C_XX ---------

    # START at: 16:57:34 | Mer 17/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
    # BOOT MODE: Normal

    # OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

    # PC: ANAIS | USER: N@N@ ( Current user is an administrator)

    # DRIVE(S):
    - C:\ (File System: NTFS)
    - H:\ (File System: FAT32)

    # Internet Explorer v7.0.5730.11

    --------- [ RUNNING PROCESSES: 41 ] ---------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\EoRezo\EoEngine.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ntvdm.exe

    -----------------------------------

    +-----------------------| Boonty/Boonty Games Elements found :

    .

    +-----------------------| Eorezo Elements found :

    "HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
    "HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
    "HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
    "HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
    "HKEY_CURRENT_USER\SOFTWARE\EoRezo"
    "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoEngine"
    .
    [27/09/2008 09:51|d--------] C:\PROGRA~1\EoRezo
    [27/06/2007 13:56|--a------] C:\PROGRA~1\EoRezo\CONFME~1.CYP
    [27/09/2008 09:51|d--------] C:\PROGRA~1\EoRezo\EoAdv
    [23/09/2008 16:31|--a------] C:\PROGRA~1\EoRezo\EoEngine.exe
    [27/09/2008 09:51|--a------] C:\PROGRA~1\EoRezo\eoEngine.url
    [04/03/2008 15:13|--a------] C:\PROGRA~1\EoRezo\EOMULT~1.DLL
    [08/08/2008 12:56|--a------] C:\PROGRA~1\EoRezo\EOREZO~1.DLL
    [15/06/2007 13:49|--a------] C:\PROGRA~1\EoRezo\EOREZO~4.DLL
    [14/08/2007 12:45|--a------] C:\PROGRA~1\EoRezo\EO6115~1.DLL
    [03/09/2007 11:22|--a------] C:\PROGRA~1\EoRezo\EO4511~1.DLL
    [20/09/2007 13:05|--a------] C:\PROGRA~1\EoRezo\EO4515~1.DLL
    [21/11/2007 10:14|--a------] C:\PROGRA~1\EoRezo\EO5519~1.DLL
    [07/02/2008 16:33|--a------] C:\PROGRA~1\EoRezo\EO551D~1.DLL
    [09/05/2007 15:57|--a------] C:\PROGRA~1\EoRezo\EOREZO~2.DLL
    [15/06/2007 13:49|--a------] C:\PROGRA~1\EoRezo\EOREZO~3.DLL
    [06/07/2007 14:55|--a------] C:\PROGRA~1\EoRezo\EO6CF9~1.DLL
    [24/08/2007 15:15|--a------] C:\PROGRA~1\EoRezo\EO400A~1.DLL
    [22/11/2007 10:51|--a------] C:\PROGRA~1\EoRezo\EO400E~1.DLL
    [08/07/2008 10:44|--a------] C:\PROGRA~1\EoRezo\EO5002~1.DLL
    [08/08/2008 11:22|--a------] C:\PROGRA~1\EoRezo\EO5006~1.DLL
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\FREEIM~1.DLL
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\Host.cyp
    [27/09/2008 09:51|d--------] C:\PROGRA~1\EoRezo\lang
    [27/06/2008 11:23|--a------] C:\PROGRA~1\EoRezo\MNGINS~1.DLL
    [27/09/2008 09:51|--a------] C:\PROGRA~1\EoRezo\unins000.dat
    [27/09/2008 09:51|--a------] C:\PROGRA~1\EoRezo\unins000.exe
    [21/12/2007 10:23|--a------] C:\PROGRA~1\EoRezo\user.cyp
    [09/05/2007 15:57|--a------] C:\PROGRA~1\EoRezo\EoAdv\EoAdv.dll
    [27/09/2008 09:51|--a------] C:\PROGRA~1\EoRezo\EoAdv\eoAdv.url
    [24/09/2008 08:24|--a------] C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL
    [27/09/2008 09:51|d--------] C:\PROGRA~1\EoRezo\EoAdv\tmp
    [24/09/2008 08:24|--a------] C:\PROGRA~1\EoRezo\EoAdv\tmp\EOREZO~1.463
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IHM_EO~3.XML
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IH935B~1.XML
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IHM_EO~1.XML
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IH0447~1.XML
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IHM_EO~2.XML
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IHM_EO~4.XML
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\lang_en.xml
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\lang_es.xml
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\lang_fr.xml
    [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\lang_it.xml
    [17/12/2008 16:54|d--------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo
    [17/12/2008 16:28|--a------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\cmhost.cyp
    [17/12/2008 14:29|--a------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\CONFME~1.CYP
    [05/12/2008 07:37|d--------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\db
    [17/12/2008 14:29|d--------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\EODESK~1
    [04/12/2008 13:19|d--------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\eoStats
    [17/12/2008 16:28|--a------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\host.cyp
    [17/12/2008 16:28|--a------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\user.cyp
    [05/12/2008 07:37|--a------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\db\cat.cyp
    [17/12/2008 14:29|--a------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\EODESK~1\config.xml
    [17/12/2008 14:29|--a------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\EODESK~1\EODESK~1.HTM
    [17/12/2008 14:29|--a------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\EODESK~1\USERCO~1.XML
    [12/12/2008 18:18|--a------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\eoStats\eoStats.txt
    [17/12/2008 11:50|--a------] C:\DOCUME~1\N@N@~1.ANA\Cookies\N@N@@E~1.TXT

    +-----------------------| Everest Poker Elements found :

    .

    +-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

    .

    +-----------------------| Messenger Skinner Elements found :

    .

    +-----------------------| Sweetim Elements found :

    .

    +-----------------------| ADDED SCAN :

    +---------- Scanning prefs.js ... ( # Mozilla User Preferences )

    ...\d0isv796.default\prefs.js :

    ~~~~ Mozilla FireFox version [Unable to get version] ~~~~

    Start Page : "http://lo.st#home"

    +----------+

    +---------------------------------------------------------------------------+

    +--[HKEY_CURRENT_USER\..\Run]

    MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
    IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

    +--[HKEY_LOCAL_MACHINE\..\Run]

    NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    nwiz REG_SZ nwiz.exe /install
    NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    RTHDCPL REG_SZ RTHDCPL.EXE
    Alcmtr REG_SZ ALCMTR.EXE
    TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
    Sony Ericsson PC Suite REG_SZ "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    EoEngine REG_SZ "C:\Program Files\EoRezo\EoEngine.exe"
    ItsTV REG_SZ "C:\Program Files\ItsLabel\ItsTV.exe"
    NeroFilterCheck REG_SZ C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    NBKeyScan REG_SZ "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

    +--[HKEY_USERS\.DEFAULT\..\Run]

    CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE

    +--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

    Start Page : hxxp://lo.st#home

    +--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

    Start Page : hxxp://www.msn.com/

    +---------------------------------------------------------------------------+

    - "C:\AD-report-Scan-17.12.2008.log" (~9603 bytes)

    # END at: 16:57:49 | 17/12/2008 - Time elapsed: 14.7 seconds

    +---------------------------------------------------------------------------+
    +------------------------------- [ E.O.F - 167 lines ]
    +---------------------------------------------------------------------------+
    0
  19. ric025
     
    /!\ Déconnecte-toi et ferme toutes applications en cours /!\

    Relance AD-Remover, au menu principal, choisis l'option B.

    Coche à l'écran de sélection :
    http://sd-1.archive-host.com/membres/up/16506160323759868/Capturer-ADR.JPG

    Suppression Boonty/BoontyGames (Si trouvé)
    Suppression Eorezo (Si trouvé)
    Suppression Everest Poker (Si trouvé)
    Suppression Funwebproduct/MyWay/MyWebsearch (Si trouvé)
    Suppression Messenger Skinner (Si trouvé)
    Suppression Sweetim (Si trouvé)

    Puis choisis S, le programme va travailler.
    Poste le rapport qui apparaît à la fin.

    (Le rapport est sauvegardé aussi sous C:\Ad-report.log)

    /!\ Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide) /!\
    0
    1. Lamiss92
       
      recoucou
      jai réessayer je ne trouve pas le rapport aprés avoir fait tout ça
      0
    2. Lamiss92
       
      ca c'est loption A



      --------- Logfile of AD-Remover 1.0.7.7 by C_XX ---------

      # START at: 19:55:08 | Mer 17/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
      # BOOT MODE: Normal

      # OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

      # PC: ANAIS | USER: N@N@ ( Current user is an administrator)

      # DRIVE(S):
      - C:\ (File System: NTFS)
      - H:\ (File System: FAT32)

      # Internet Explorer v7.0.5730.11

      --------- [ RUNNING PROCESSES: 41 ] ---------

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
      C:\Program Files\EoRezo\EoEngine.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\CDBurnerXP\NMSAccessU.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\IoctlSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
      C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\ntvdm.exe

      -----------------------------------


      +-----------------------| Boonty/Boonty Games Elements found :

      .

      +-----------------------| Eorezo Elements found :

      "HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
      "HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
      "HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
      "HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
      "HKEY_CURRENT_USER\SOFTWARE\EoRezo"
      "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
      "HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
      "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
      "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
      "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1"
      "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoEngine"
      .
      [27/09/2008 09:51|d--------] C:\PROGRA~1\EoRezo
      [27/06/2007 13:56|--a------] C:\PROGRA~1\EoRezo\CONFME~1.CYP
      [27/09/2008 09:51|d--------] C:\PROGRA~1\EoRezo\EoAdv
      [23/09/2008 16:31|--a------] C:\PROGRA~1\EoRezo\EoEngine.exe
      [27/09/2008 09:51|--a------] C:\PROGRA~1\EoRezo\eoEngine.url
      [04/03/2008 15:13|--a------] C:\PROGRA~1\EoRezo\EOMULT~1.DLL
      [08/08/2008 12:56|--a------] C:\PROGRA~1\EoRezo\EOREZO~1.DLL
      [15/06/2007 13:49|--a------] C:\PROGRA~1\EoRezo\EOREZO~4.DLL
      [14/08/2007 12:45|--a------] C:\PROGRA~1\EoRezo\EO6115~1.DLL
      [03/09/2007 11:22|--a------] C:\PROGRA~1\EoRezo\EO4511~1.DLL
      [20/09/2007 13:05|--a------] C:\PROGRA~1\EoRezo\EO4515~1.DLL
      [21/11/2007 10:14|--a------] C:\PROGRA~1\EoRezo\EO5519~1.DLL
      [07/02/2008 16:33|--a------] C:\PROGRA~1\EoRezo\EO551D~1.DLL
      [09/05/2007 15:57|--a------] C:\PROGRA~1\EoRezo\EOREZO~2.DLL
      [15/06/2007 13:49|--a------] C:\PROGRA~1\EoRezo\EOREZO~3.DLL
      [06/07/2007 14:55|--a------] C:\PROGRA~1\EoRezo\EO6CF9~1.DLL
      [24/08/2007 15:15|--a------] C:\PROGRA~1\EoRezo\EO400A~1.DLL
      [22/11/2007 10:51|--a------] C:\PROGRA~1\EoRezo\EO400E~1.DLL
      [08/07/2008 10:44|--a------] C:\PROGRA~1\EoRezo\EO5002~1.DLL
      [08/08/2008 11:22|--a------] C:\PROGRA~1\EoRezo\EO5006~1.DLL
      [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\FREEIM~1.DLL
      [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\Host.cyp
      [27/09/2008 09:51|d--------] C:\PROGRA~1\EoRezo\lang
      [27/06/2008 11:23|--a------] C:\PROGRA~1\EoRezo\MNGINS~1.DLL
      [27/09/2008 09:51|--a------] C:\PROGRA~1\EoRezo\unins000.dat
      [27/09/2008 09:51|--a------] C:\PROGRA~1\EoRezo\unins000.exe
      [21/12/2007 10:23|--a------] C:\PROGRA~1\EoRezo\user.cyp
      [09/05/2007 15:57|--a------] C:\PROGRA~1\EoRezo\EoAdv\EoAdv.dll
      [27/09/2008 09:51|--a------] C:\PROGRA~1\EoRezo\EoAdv\eoAdv.url
      [24/09/2008 08:24|--a------] C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL
      [27/09/2008 09:51|d--------] C:\PROGRA~1\EoRezo\EoAdv\tmp
      [24/09/2008 08:24|--a------] C:\PROGRA~1\EoRezo\EoAdv\tmp\EOREZO~1.463
      [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IHM_EO~3.XML
      [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IH935B~1.XML
      [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IHM_EO~1.XML
      [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IH0447~1.XML
      [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IHM_EO~2.XML
      [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\IHM_EO~4.XML
      [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\lang_en.xml
      [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\lang_es.xml
      [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\lang_fr.xml
      [26/06/2007 14:33|--a------] C:\PROGRA~1\EoRezo\lang\lang_it.xml
      [17/12/2008 19:52|d--------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo
      [17/12/2008 18:27|--a------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\cmhost.cyp
      [17/12/2008 17:43|--a------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\CONFME~1.CYP
      [05/12/2008 07:37|d--------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\db
      [17/12/2008 17:43|d--------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\EODESK~1
      [04/12/2008 13:19|d--------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\eoStats
      [17/12/2008 18:27|--a------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\host.cyp
      [17/12/2008 18:27|--a------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\user.cyp
      [05/12/2008 07:37|--a------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\db\cat.cyp
      [17/12/2008 17:43|--a------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\EODESK~1\config.xml
      [17/12/2008 17:43|--a------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\EODESK~1\EODESK~1.HTM
      [17/12/2008 17:43|--a------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\EODESK~1\USERCO~1.XML
      [12/12/2008 18:18|--a------] C:\DOCUME~1\N@N@~1.ANA\APPLIC~1\EoRezo\eoStats\eoStats.txt
      [17/12/2008 11:50|--a------] C:\DOCUME~1\N@N@~1.ANA\Cookies\N@N@@E~1.TXT

      +-----------------------| Everest Poker Elements found :

      .

      +-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

      .

      +-----------------------| Messenger Skinner Elements found :

      .

      +-----------------------| Sweetim Elements found :

      .

      +-----------------------| ADDED SCAN :



      +---------- Scanning prefs.js ... ( # Mozilla User Preferences )

      ...\d0isv796.default\prefs.js :

      ~~~~ Mozilla FireFox version [Unable to get version] ~~~~

      Start Page : "http://lo.st#home"

      +----------+


      +---------------------------------------------------------------------------+

      +--[HKEY_CURRENT_USER\..\Run]

      MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
      IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

      +--[HKEY_LOCAL_MACHINE\..\Run]

      NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      nwiz REG_SZ nwiz.exe /install
      NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      RTHDCPL REG_SZ RTHDCPL.EXE
      Alcmtr REG_SZ ALCMTR.EXE
      TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
      Sony Ericsson PC Suite REG_SZ "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
      EoEngine REG_SZ "C:\Program Files\EoRezo\EoEngine.exe"
      ItsTV REG_SZ "C:\Program Files\ItsLabel\ItsTV.exe"
      NeroFilterCheck REG_SZ C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
      NBKeyScan REG_SZ "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

      +--[HKEY_USERS\.DEFAULT\..\Run]

      CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE

      +--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

      Start Page : hxxp://lo.st#home

      +--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

      Start Page : hxxp://www.msn.com/

      +---------------------------------------------------------------------------+

      - "C:\AD-report-Scan-17.12.2008.log" (~9603 bytes)

      # END at: 19:55:21 | 17/12/2008 - Time elapsed: 13.5 seconds

      +---------------------------------------------------------------------------+
      +------------------------------- [ E.O.F - 167 lines ]
      +---------------------------------------------------------------------------+
      0
    3. Lamiss92
       
      jsuis désolé mais le lien ne fonctionne
      0
      1. camelia_smfs > Lamiss92
         
        a lamiss avant tout moi je ne sais pas la reponse sauf que j'ai besoin d'aide je veux achter un portable en urgence et je veux que tu m'aide a choisir entre ces deux je t'en suplie lamiss stp les trois portable sont le samsung sch-f679 et le lg kg800 et le sony ericson t303i stp merci d'avance
        0
      2. Lamiss92 > camelia_smfs
         
        surtout pas le Lg il est pas terrible
        Moi je te propose le samsung ça ma lair le mieux ^^
        Bisous
        0
  20. ric025
     
    Tu es allée voir à la racine de C:/ ?? Normalement, tu devrais l'avoir.

    Sinon, si tu ne trouves vraiment pas, relance AD-Remover en exécutant l'option A. On verra ainsi si la suppression a fonctionné.
    0
  • 1
  • 2
  • 3