Pyagcore.search.searchdetection
Fermé
feeclochette79
Messages postés
1
Date d'inscription
jeudi 18 décembre 2008
Statut
Membre
Dernière intervention
18 décembre 2008
-
18 déc. 2008 à 11:45
feeclochette79 - 23 déc. 2008 à 16:38
feeclochette79 - 23 déc. 2008 à 16:38
13 réponses
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
18 déc. 2008 à 14:06
18 déc. 2008 à 14:06
Pour désinstaller kiwee toolbar:
1/ Démarrer; executer puis taper msconfig puis ok
2/ Aller dans l'onglet démarrage et décocher kiwee toolbar; puis aller sur l'onglet service pour décocher kiwee toolbar (s'il existe).
3/ Cliquer sur activer puis ok; l'ordinateur va redémarrer
4/ Lorsque le bureau s'affiche, tu verras l'utilitaire de configuration qui va s'afficher; tu coches sur la petite case pour qu'il disparaitra lors de la prochaine démarrage.
5/ A partir de là, tu peux désinstaller kiwee toolbar dans ajout/suppression
6/ tu peu également allez dans program files.et supprimer ce qui si rapporte
1/ Démarrer; executer puis taper msconfig puis ok
2/ Aller dans l'onglet démarrage et décocher kiwee toolbar; puis aller sur l'onglet service pour décocher kiwee toolbar (s'il existe).
3/ Cliquer sur activer puis ok; l'ordinateur va redémarrer
4/ Lorsque le bureau s'affiche, tu verras l'utilitaire de configuration qui va s'afficher; tu coches sur la petite case pour qu'il disparaitra lors de la prochaine démarrage.
5/ A partir de là, tu peux désinstaller kiwee toolbar dans ajout/suppression
6/ tu peu également allez dans program files.et supprimer ce qui si rapporte
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
21 déc. 2008 à 08:33
21 déc. 2008 à 08:33
bonjour la feeclochette
ok ...apparament c'est un faux positif
on continue il y a encore pas mal de truc a faire
Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
/!\ Déconnectes toi et fermes toutes applications en cours
● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-removersituée sur ton bureau
● Au menu principal choisi l'option "A"
● Postes le rapport qui apparait à la fin .
( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
ok ...apparament c'est un faux positif
on continue il y a encore pas mal de truc a faire
Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
/!\ Déconnectes toi et fermes toutes applications en cours
● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-removersituée sur ton bureau
● Au menu principal choisi l'option "A"
● Postes le rapport qui apparait à la fin .
( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
voici le nouveau rapport
--------- Logfile of AD-Remover 1.0.7.8 by C_XX ---------
# START at: 9:57:19 | Dim 21/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: KOSVOCORE | USER: Armelle ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
# Internet Explorer v6.0.2900.5512
--------- [ RUNNING PROCESSES: 33 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
+-----------------------| Boonty/Boonty Games Elements found :
.
+-----------------------| Eorezo Elements found :
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
.
[07/07/2008 17:44|d--------] C:\PROGRA~1\EoRezo
[13/07/2008 16:02|d--------] C:\PROGRA~1\EoRezo\EoAdv
[07/07/2008 17:20|--a------] C:\PROGRA~1\EoRezo\EoAdv\eoAdv.url
[07/07/2008 17:20|d--------] C:\PROGRA~1\EoRezo\EoAdv\tmp
[25/01/2007 09:22|--a------] C:\PROGRA~1\EoRezo\EoAdv\tmp\EOREZO~1.482
[07/07/2008 17:44|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\cmhost.cyp
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\CONFME~1.CYP
[07/07/2008 17:42|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\db
[07/07/2008 17:42|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1
[07/07/2008 17:34|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\eoStats
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\host.cyp
[07/07/2008 17:44|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\user.cyp
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\db\cat.cyp
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1\config.xml
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1\EODESK~1.HTM
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1\USERCO~1.XML
[07/07/2008 17:41|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\eoStats\eoStats.txt
+-----------------------| Everest Poker Elements found :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
"HKEY_CURRENT_USER\Software\FunWebProducts"
.
+-----------------------| It's TV Elements found :
"HKEY_CURRENT_USER\Software\ItsLabel\ItsTV"
"HKEY_USERS\S-1-5-21-1844237615-1532298954-725345543-1003\Software\ItsLabel"
.
[07/07/2008 17:34|d--------] C:\DOCUME~1\Armelle\APPLIC~1\ItsLabel
[07/07/2008 17:41|d--------] C:\DOCUME~1\Armelle\APPLIC~1\ItsLabel\ItsTV
[07/07/2008 17:41|--a------] C:\DOCUME~1\Armelle\APPLIC~1\ItsLabel\ItsTV\itsTV.xml
+-----------------------| Sweetim Elements found :
"HKEY_CLASSES_ROOT\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_CLASSES_ROOT\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.1"
"HKEY_CLASSES_ROOT\ToolBand.SWEETIE"
"HKEY_CLASSES_ROOT\ToolBand.SWEETIE.1"
"HKEY_CLASSES_ROOT\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}"
"HKEY_CURRENT_USER\SOFTWARE\SWEETIE"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[01/09/2008 00:51|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SEARCH~1\sweetim.xml
[01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1
[01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\chrome
[27/04/2008 14:12|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\CHROME~1.MAN
[01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\COMPON~1
[27/07/2008 09:09|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\install.rdf
[01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF
[27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\chrome\SWEETI~1.JAR
[01/07/2008 15:54|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\COMPON~1\SIMAUT~1.JS
[27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF\manifest.mf
[27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF\zigbert.rsa
[27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF\zigbert.sf
[01/09/2008 09:07|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SWEETI~1
[01/09/2008 09:07|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SWEETI~1\logs
[01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
[18/12/2008 12:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1
[01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars
[18/12/2008 12:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf
[01/09/2008 00:50|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data
[01/09/2008 09:25|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users
[01/09/2008 00:52|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\BATAIL~1.FR
[01/09/2008 09:25|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\FEECLO~1.FR
[01/09/2008 00:52|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\MAIN_U~1.XML
[01/09/2008 00:52|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\BATAIL~1.FR\EMOTIC~1.XML
[01/09/2008 00:52|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\BATAIL~1.FR\USER_C~1.XML
[01/09/2008 09:25|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\FEECLO~1.FR\EMOTIC~1.XML
[01/09/2008 09:25|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\FEECLO~1.FR\USER_C~1.XML
[20/11/2008 13:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1
[13/08/2007 21:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108A9.dat
[28/01/2008 20:00|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108CE.dat
[16/12/2005 11:23|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002006E.dat
[16/12/2005 11:23|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020071.dat
[19/01/2006 17:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000200C0.dat
[01/11/2006 15:01|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002012D.dat
[05/11/2007 18:41|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000201A5.dat
[16/12/2007 09:53|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000201DD.dat
[13/01/2008 19:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020218.dat
[13/01/2008 19:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020230.dat
[22/05/2008 20:20|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000202BA.dat
[05/06/2008 11:06|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0003009A.dat
[03/08/2008 08:35|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000300AD.dat
[13/03/2006 22:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00060038.dat
[11/04/2007 17:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000600B0.dat
[10/04/2008 19:26|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0006019A.dat
[22/06/2008 08:54|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000601DE.dat
[23/06/2008 16:32|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00080024.dat
[20/11/2008 13:20|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\CACHE_~1.DAT
[01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1
[01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1\cache
[01/09/2008 00:51|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1\cache\F64A71~1.XML
[18/12/2008 12:21|--a------] C:\DOCUME~1\Armelle\Cookies\AR6709~1.TXT
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\nntuet36.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
Start Page : "https://www.orange.fr/portail"
+----------+
FOUND - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
FOUND - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.mode.debug", "false");
FOUND - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
FOUND - user_pref("sweetim.toolbar.search.history.capacity", "10");
FOUND - user_pref("sweetim.toolbar.simapp_id", "{D841062C-CE17-4BBB-9409-DBFDC91BD626}");
FOUND - user_pref("sweetim.toolbar.version", "1.0.0.3");
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
CursorFX REG_SZ "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
PhotoShow Deluxe Media Manager REG_SZ C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
+--[HKEY_LOCAL_MACHINE\..\Run]
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
PC Booster REG_SZ C:\Program Files\inKline Global\PC Booster\PCBooster.exe
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE
Picasa Media Detector REG_SZ C:\Program Files\Picasa2\PicasaMediaDetector.exe
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://www.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Scan-21.12.2008.log" (~14043 bytes)
# END at: 9:57:41 | 21/12/2008 - Time elapsed: 21.8 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 187 lines ]
+---------------------------------------------------------------------------+
--------- Logfile of AD-Remover 1.0.7.8 by C_XX ---------
# START at: 9:57:19 | Dim 21/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: KOSVOCORE | USER: Armelle ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
# Internet Explorer v6.0.2900.5512
--------- [ RUNNING PROCESSES: 33 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
+-----------------------| Boonty/Boonty Games Elements found :
.
+-----------------------| Eorezo Elements found :
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
.
[07/07/2008 17:44|d--------] C:\PROGRA~1\EoRezo
[13/07/2008 16:02|d--------] C:\PROGRA~1\EoRezo\EoAdv
[07/07/2008 17:20|--a------] C:\PROGRA~1\EoRezo\EoAdv\eoAdv.url
[07/07/2008 17:20|d--------] C:\PROGRA~1\EoRezo\EoAdv\tmp
[25/01/2007 09:22|--a------] C:\PROGRA~1\EoRezo\EoAdv\tmp\EOREZO~1.482
[07/07/2008 17:44|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\cmhost.cyp
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\CONFME~1.CYP
[07/07/2008 17:42|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\db
[07/07/2008 17:42|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1
[07/07/2008 17:34|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\eoStats
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\host.cyp
[07/07/2008 17:44|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\user.cyp
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\db\cat.cyp
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1\config.xml
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1\EODESK~1.HTM
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1\USERCO~1.XML
[07/07/2008 17:41|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\eoStats\eoStats.txt
+-----------------------| Everest Poker Elements found :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
"HKEY_CURRENT_USER\Software\FunWebProducts"
.
+-----------------------| It's TV Elements found :
"HKEY_CURRENT_USER\Software\ItsLabel\ItsTV"
"HKEY_USERS\S-1-5-21-1844237615-1532298954-725345543-1003\Software\ItsLabel"
.
[07/07/2008 17:34|d--------] C:\DOCUME~1\Armelle\APPLIC~1\ItsLabel
[07/07/2008 17:41|d--------] C:\DOCUME~1\Armelle\APPLIC~1\ItsLabel\ItsTV
[07/07/2008 17:41|--a------] C:\DOCUME~1\Armelle\APPLIC~1\ItsLabel\ItsTV\itsTV.xml
+-----------------------| Sweetim Elements found :
"HKEY_CLASSES_ROOT\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_CLASSES_ROOT\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.1"
"HKEY_CLASSES_ROOT\ToolBand.SWEETIE"
"HKEY_CLASSES_ROOT\ToolBand.SWEETIE.1"
"HKEY_CLASSES_ROOT\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}"
"HKEY_CURRENT_USER\SOFTWARE\SWEETIE"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[01/09/2008 00:51|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SEARCH~1\sweetim.xml
[01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1
[01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\chrome
[27/04/2008 14:12|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\CHROME~1.MAN
[01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\COMPON~1
[27/07/2008 09:09|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\install.rdf
[01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF
[27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\chrome\SWEETI~1.JAR
[01/07/2008 15:54|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\COMPON~1\SIMAUT~1.JS
[27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF\manifest.mf
[27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF\zigbert.rsa
[27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF\zigbert.sf
[01/09/2008 09:07|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SWEETI~1
[01/09/2008 09:07|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SWEETI~1\logs
[01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
[18/12/2008 12:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1
[01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars
[18/12/2008 12:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf
[01/09/2008 00:50|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data
[01/09/2008 09:25|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users
[01/09/2008 00:52|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\BATAIL~1.FR
[01/09/2008 09:25|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\FEECLO~1.FR
[01/09/2008 00:52|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\MAIN_U~1.XML
[01/09/2008 00:52|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\BATAIL~1.FR\EMOTIC~1.XML
[01/09/2008 00:52|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\BATAIL~1.FR\USER_C~1.XML
[01/09/2008 09:25|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\FEECLO~1.FR\EMOTIC~1.XML
[01/09/2008 09:25|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\FEECLO~1.FR\USER_C~1.XML
[20/11/2008 13:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1
[13/08/2007 21:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108A9.dat
[28/01/2008 20:00|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108CE.dat
[16/12/2005 11:23|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002006E.dat
[16/12/2005 11:23|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020071.dat
[19/01/2006 17:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000200C0.dat
[01/11/2006 15:01|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002012D.dat
[05/11/2007 18:41|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000201A5.dat
[16/12/2007 09:53|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000201DD.dat
[13/01/2008 19:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020218.dat
[13/01/2008 19:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020230.dat
[22/05/2008 20:20|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000202BA.dat
[05/06/2008 11:06|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0003009A.dat
[03/08/2008 08:35|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000300AD.dat
[13/03/2006 22:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00060038.dat
[11/04/2007 17:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000600B0.dat
[10/04/2008 19:26|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0006019A.dat
[22/06/2008 08:54|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000601DE.dat
[23/06/2008 16:32|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00080024.dat
[20/11/2008 13:20|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\CACHE_~1.DAT
[01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1
[01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1\cache
[01/09/2008 00:51|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1\cache\F64A71~1.XML
[18/12/2008 12:21|--a------] C:\DOCUME~1\Armelle\Cookies\AR6709~1.TXT
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\nntuet36.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
Start Page : "https://www.orange.fr/portail"
+----------+
FOUND - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
FOUND - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.mode.debug", "false");
FOUND - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
FOUND - user_pref("sweetim.toolbar.search.history.capacity", "10");
FOUND - user_pref("sweetim.toolbar.simapp_id", "{D841062C-CE17-4BBB-9409-DBFDC91BD626}");
FOUND - user_pref("sweetim.toolbar.version", "1.0.0.3");
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
CursorFX REG_SZ "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
PhotoShow Deluxe Media Manager REG_SZ C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
+--[HKEY_LOCAL_MACHINE\..\Run]
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
PC Booster REG_SZ C:\Program Files\inKline Global\PC Booster\PCBooster.exe
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE
Picasa Media Detector REG_SZ C:\Program Files\Picasa2\PicasaMediaDetector.exe
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://www.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Scan-21.12.2008.log" (~14043 bytes)
# END at: 9:57:41 | 21/12/2008 - Time elapsed: 21.8 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 187 lines ]
+---------------------------------------------------------------------------+
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
22 déc. 2008 à 06:52
22 déc. 2008 à 06:52
Déconnectes toi et fermes toutes applications en cours !
Relances "Ad-remover" : au menu principal choisi l'option "B" .
laisse le programme travailler
Postes le rapport qui apparait à la fin
( le rapport est sauvegardé aussi sous C:\Ad-report.log )
/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\
refait Hijackthis pour analyse merci
Relances "Ad-remover" : au menu principal choisi l'option "B" .
laisse le programme travailler
Postes le rapport qui apparait à la fin
( le rapport est sauvegardé aussi sous C:\Ad-report.log )
/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\
refait Hijackthis pour analyse merci
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
--------- Logfile of AD-Remover 1.0.7.8 by C_XX ---------
# START at: 11:04:12 | Lun 22/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: KOSVOCORE | USER: Armelle ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
# Internet Explorer v6.0.2900.5512
--------- [ RUNNING PROCESSES: 33 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
+-----------------------| Boonty/Boonty Games Elements found :
.
+-----------------------| Eorezo Elements found :
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
.
[07/07/2008 17:44|d--------] C:\PROGRA~1\EoRezo
[13/07/2008 16:02|d--------] C:\PROGRA~1\EoRezo\EoAdv
[07/07/2008 17:20|--a------] C:\PROGRA~1\EoRezo\EoAdv\eoAdv.url
[07/07/2008 17:20|d--------] C:\PROGRA~1\EoRezo\EoAdv\tmp
[25/01/2007 09:22|--a------] C:\PROGRA~1\EoRezo\EoAdv\tmp\EOREZO~1.482
[07/07/2008 17:44|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\cmhost.cyp
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\CONFME~1.CYP
[07/07/2008 17:42|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\db
[07/07/2008 17:42|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1
[07/07/2008 17:34|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\eoStats
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\host.cyp
[07/07/2008 17:44|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\user.cyp
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\db\cat.cyp
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1\config.xml
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1\EODESK~1.HTM
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1\USERCO~1.XML
[07/07/2008 17:41|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\eoStats\eoStats.txt
+-----------------------| Everest Poker Elements found :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
"HKEY_CURRENT_USER\Software\FunWebProducts"
.
+-----------------------| It's TV Elements found :
"HKEY_CURRENT_USER\Software\ItsLabel\ItsTV"
"HKEY_USERS\S-1-5-21-1844237615-1532298954-725345543-1003\Software\ItsLabel"
.
[07/07/2008 17:34|d--------] C:\DOCUME~1\Armelle\APPLIC~1\ItsLabel
[07/07/2008 17:41|d--------] C:\DOCUME~1\Armelle\APPLIC~1\ItsLabel\ItsTV
[07/07/2008 17:41|--a------] C:\DOCUME~1\Armelle\APPLIC~1\ItsLabel\ItsTV\itsTV.xml
+-----------------------| Sweetim Elements found :
"HKEY_CLASSES_ROOT\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_CLASSES_ROOT\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.1"
"HKEY_CLASSES_ROOT\ToolBand.SWEETIE"
"HKEY_CLASSES_ROOT\ToolBand.SWEETIE.1"
"HKEY_CLASSES_ROOT\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}"
"HKEY_CURRENT_USER\SOFTWARE\SWEETIE"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[01/09/2008 00:51|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SEARCH~1\sweetim.xml
[01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1
[01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\chrome
[27/04/2008 14:12|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\CHROME~1.MAN
[01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\COMPON~1
[27/07/2008 09:09|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\install.rdf
[01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF
[27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\chrome\SWEETI~1.JAR
[01/07/2008 15:54|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\COMPON~1\SIMAUT~1.JS
[27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF\manifest.mf
[27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF\zigbert.rsa
[27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF\zigbert.sf
[01/09/2008 09:07|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SWEETI~1
[01/09/2008 09:07|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SWEETI~1\logs
[01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
[18/12/2008 12:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1
[01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars
[18/12/2008 12:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf
[01/09/2008 00:50|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data
[01/09/2008 09:25|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users
[01/09/2008 00:52|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\BATAIL~1.FR
[01/09/2008 09:25|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\FEECLO~1.FR
[01/09/2008 00:52|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\MAIN_U~1.XML
[01/09/2008 00:52|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\BATAIL~1.FR\EMOTIC~1.XML
[01/09/2008 00:52|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\BATAIL~1.FR\USER_C~1.XML
[01/09/2008 09:25|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\FEECLO~1.FR\EMOTIC~1.XML
[01/09/2008 09:25|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\FEECLO~1.FR\USER_C~1.XML
[20/11/2008 13:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1
[13/08/2007 21:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108A9.dat
[28/01/2008 20:00|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108CE.dat
[16/12/2005 11:23|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002006E.dat
[16/12/2005 11:23|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020071.dat
[19/01/2006 17:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000200C0.dat
[01/11/2006 15:01|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002012D.dat
[05/11/2007 18:41|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000201A5.dat
[16/12/2007 09:53|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000201DD.dat
[13/01/2008 19:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020218.dat
[13/01/2008 19:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020230.dat
[22/05/2008 20:20|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000202BA.dat
[05/06/2008 11:06|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0003009A.dat
[03/08/2008 08:35|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000300AD.dat
[13/03/2006 22:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00060038.dat
[11/04/2007 17:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000600B0.dat
[10/04/2008 19:26|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0006019A.dat
[22/06/2008 08:54|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000601DE.dat
[23/06/2008 16:32|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00080024.dat
[20/11/2008 13:20|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\CACHE_~1.DAT
[01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1
[01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1\cache
[01/09/2008 00:51|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1\cache\F64A71~1.XML
[18/12/2008 12:21|--a------] C:\DOCUME~1\Armelle\Cookies\AR6709~1.TXT
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\nntuet36.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
Start Page : "https://www.orange.fr/portail"
+----------+
FOUND - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
FOUND - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.mode.debug", "false");
FOUND - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
FOUND - user_pref("sweetim.toolbar.search.history.capacity", "10");
FOUND - user_pref("sweetim.toolbar.simapp_id", "{D841062C-CE17-4BBB-9409-DBFDC91BD626}");
FOUND - user_pref("sweetim.toolbar.version", "1.0.0.3");
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
CursorFX REG_SZ "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
PhotoShow Deluxe Media Manager REG_SZ C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
+--[HKEY_LOCAL_MACHINE\..\Run]
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
PC Booster REG_SZ C:\Program Files\inKline Global\PC Booster\PCBooster.exe
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE
Picasa Media Detector REG_SZ C:\Program Files\Picasa2\PicasaMediaDetector.exe
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://www.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Scan-21.12.2008.log" (~14379 bytes)
- "C:\AD-report-Scan-22.12.2008.log" (~14098 bytes)
# END at: 11:04:36 | 22/12/2008 - Time elapsed: 23.6 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 187 lines ]
+---------------------------------------------------------------------------+
# START at: 11:04:12 | Lun 22/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: KOSVOCORE | USER: Armelle ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
# Internet Explorer v6.0.2900.5512
--------- [ RUNNING PROCESSES: 33 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
+-----------------------| Boonty/Boonty Games Elements found :
.
+-----------------------| Eorezo Elements found :
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
.
[07/07/2008 17:44|d--------] C:\PROGRA~1\EoRezo
[13/07/2008 16:02|d--------] C:\PROGRA~1\EoRezo\EoAdv
[07/07/2008 17:20|--a------] C:\PROGRA~1\EoRezo\EoAdv\eoAdv.url
[07/07/2008 17:20|d--------] C:\PROGRA~1\EoRezo\EoAdv\tmp
[25/01/2007 09:22|--a------] C:\PROGRA~1\EoRezo\EoAdv\tmp\EOREZO~1.482
[07/07/2008 17:44|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\cmhost.cyp
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\CONFME~1.CYP
[07/07/2008 17:42|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\db
[07/07/2008 17:42|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1
[07/07/2008 17:34|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\eoStats
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\host.cyp
[07/07/2008 17:44|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\user.cyp
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\db\cat.cyp
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1\config.xml
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1\EODESK~1.HTM
[07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1\USERCO~1.XML
[07/07/2008 17:41|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\eoStats\eoStats.txt
+-----------------------| Everest Poker Elements found :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
"HKEY_CURRENT_USER\Software\FunWebProducts"
.
+-----------------------| It's TV Elements found :
"HKEY_CURRENT_USER\Software\ItsLabel\ItsTV"
"HKEY_USERS\S-1-5-21-1844237615-1532298954-725345543-1003\Software\ItsLabel"
.
[07/07/2008 17:34|d--------] C:\DOCUME~1\Armelle\APPLIC~1\ItsLabel
[07/07/2008 17:41|d--------] C:\DOCUME~1\Armelle\APPLIC~1\ItsLabel\ItsTV
[07/07/2008 17:41|--a------] C:\DOCUME~1\Armelle\APPLIC~1\ItsLabel\ItsTV\itsTV.xml
+-----------------------| Sweetim Elements found :
"HKEY_CLASSES_ROOT\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_CLASSES_ROOT\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.1"
"HKEY_CLASSES_ROOT\ToolBand.SWEETIE"
"HKEY_CLASSES_ROOT\ToolBand.SWEETIE.1"
"HKEY_CLASSES_ROOT\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}"
"HKEY_CURRENT_USER\SOFTWARE\SWEETIE"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[01/09/2008 00:51|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SEARCH~1\sweetim.xml
[01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1
[01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\chrome
[27/04/2008 14:12|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\CHROME~1.MAN
[01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\COMPON~1
[27/07/2008 09:09|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\install.rdf
[01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF
[27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\chrome\SWEETI~1.JAR
[01/07/2008 15:54|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\COMPON~1\SIMAUT~1.JS
[27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF\manifest.mf
[27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF\zigbert.rsa
[27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF\zigbert.sf
[01/09/2008 09:07|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SWEETI~1
[01/09/2008 09:07|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SWEETI~1\logs
[01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
[18/12/2008 12:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1
[01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars
[18/12/2008 12:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf
[01/09/2008 00:50|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data
[01/09/2008 09:25|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users
[01/09/2008 00:52|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\BATAIL~1.FR
[01/09/2008 09:25|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\FEECLO~1.FR
[01/09/2008 00:52|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\MAIN_U~1.XML
[01/09/2008 00:52|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\BATAIL~1.FR\EMOTIC~1.XML
[01/09/2008 00:52|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\BATAIL~1.FR\USER_C~1.XML
[01/09/2008 09:25|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\FEECLO~1.FR\EMOTIC~1.XML
[01/09/2008 09:25|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\FEECLO~1.FR\USER_C~1.XML
[20/11/2008 13:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1
[13/08/2007 21:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108A9.dat
[28/01/2008 20:00|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108CE.dat
[16/12/2005 11:23|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002006E.dat
[16/12/2005 11:23|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020071.dat
[19/01/2006 17:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000200C0.dat
[01/11/2006 15:01|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002012D.dat
[05/11/2007 18:41|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000201A5.dat
[16/12/2007 09:53|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000201DD.dat
[13/01/2008 19:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020218.dat
[13/01/2008 19:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020230.dat
[22/05/2008 20:20|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000202BA.dat
[05/06/2008 11:06|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0003009A.dat
[03/08/2008 08:35|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000300AD.dat
[13/03/2006 22:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00060038.dat
[11/04/2007 17:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000600B0.dat
[10/04/2008 19:26|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0006019A.dat
[22/06/2008 08:54|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000601DE.dat
[23/06/2008 16:32|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00080024.dat
[20/11/2008 13:20|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\CACHE_~1.DAT
[01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1
[01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1\cache
[01/09/2008 00:51|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1\cache\F64A71~1.XML
[18/12/2008 12:21|--a------] C:\DOCUME~1\Armelle\Cookies\AR6709~1.TXT
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\nntuet36.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
Start Page : "https://www.orange.fr/portail"
+----------+
FOUND - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
FOUND - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.mode.debug", "false");
FOUND - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
FOUND - user_pref("sweetim.toolbar.search.history.capacity", "10");
FOUND - user_pref("sweetim.toolbar.simapp_id", "{D841062C-CE17-4BBB-9409-DBFDC91BD626}");
FOUND - user_pref("sweetim.toolbar.version", "1.0.0.3");
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
CursorFX REG_SZ "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
PhotoShow Deluxe Media Manager REG_SZ C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
+--[HKEY_LOCAL_MACHINE\..\Run]
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
PC Booster REG_SZ C:\Program Files\inKline Global\PC Booster\PCBooster.exe
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE
Picasa Media Detector REG_SZ C:\Program Files\Picasa2\PicasaMediaDetector.exe
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://www.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Scan-21.12.2008.log" (~14379 bytes)
- "C:\AD-report-Scan-22.12.2008.log" (~14098 bytes)
# END at: 11:04:36 | 22/12/2008 - Time elapsed: 23.6 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 187 lines ]
+---------------------------------------------------------------------------+
voici rapport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:22, on 22/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Armelle\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\agcutils.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - C:\Program Files\Moon Secure Antivirus\msavcore.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:22, on 22/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Armelle\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\agcutils.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - C:\Program Files\Moon Secure Antivirus\msavcore.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
22 déc. 2008 à 12:59
22 déc. 2008 à 12:59
tu n'a pas fait ce que je t'ai demandé
http://www.commentcamarche.net/forum/affich 9969229 pyagcore search searchdetection?#20
tu a refait un scan
tu devais faire un nettoyage
option B clean
recommence merci
http://www.commentcamarche.net/forum/affich 9969229 pyagcore search searchdetection?#20
tu a refait un scan
tu devais faire un nettoyage
option B clean
recommence merci
--------- Logfile of AD-Remover 1.0.7.8 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
# START at: 13:17:43 | Lun 22/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: KOSVOCORE | USER: Armelle ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
# Internet Explorer v6.0.2900.5512
--------- [ RUNNING PROCESSES: 31 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
.
+-----------------------| Eorezo Elements Deleted :
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
.
[07/07/2008 17:44|d--------] C:\Program Files\EoRezo
[07/07/2008 17:44|d--------] C:\Documents and Settings\Armelle\Application Data\EoRezo
+-----------------------| Everest Poker Elements Deleted :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
"HKEY_CURRENT_USER\Software\FunWebProducts"
.
+-----------------------| It's TV Elements Deleted :
"HKEY_CURRENT_USER\Software\ItsLabel\ItsTV"
"HKEY_USERS\S-1-5-21-1844237615-1532298954-725345543-1003\Software\ItsLabel"
.
[07/07/2008 17:34|d--------] C:\Documents and Settings\Armelle\Application Data\ItsLabel
+-----------------------| Sweetim Elements Deleted :
"HKEY_CLASSES_ROOT\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_CLASSES_ROOT\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.1"
"HKEY_CLASSES_ROOT\ToolBand.SWEETIE"
"HKEY_CLASSES_ROOT\ToolBand.SWEETIE.1"
"HKEY_CLASSES_ROOT\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}"
"HKEY_CURRENT_USER\SOFTWARE\SWEETIE"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[01/09/2008 00:51|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SEARCH~1\sweetim.xml
[01/09/2008 00:51|d--------] C:\Documents and Settings\Armelle\Application Data\Mozilla\Firefox\Profiles\nntuet36.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[01/09/2008 09:07|d--------] C:\Documents and Settings\Armelle\Application Data\Mozilla\Firefox\Profiles\nntuet36.default\SweetIMToolbarData
[01/09/2008 00:51|d--------] C:\Documents and Settings\All Users\Application Data\SweetIM
[18/12/2008 12:21|--a------] C:\DOCUME~1\Armelle\Cookies\AR6709~1.TXT
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\nntuet36.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
Start Page : "https://www.orange.fr/portail"
+----------+
REMOVED - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
REMOVED - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.mode.debug", "false");
REMOVED - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
REMOVED - user_pref("sweetim.toolbar.search.history.capacity", "10");
REMOVED - user_pref("sweetim.toolbar.simapp_id", "{D841062C-CE17-4BBB-9409-DBFDC91BD626}");
REMOVED - user_pref("sweetim.toolbar.version", "1.0.0.3");
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
CursorFX REG_SZ "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
PhotoShow Deluxe Media Manager REG_SZ C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
+--[HKEY_LOCAL_MACHINE\..\Run]
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
PC Booster REG_SZ C:\Program Files\inKline Global\PC Booster\PCBooster.exe
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE
Picasa Media Detector REG_SZ C:\Program Files\Picasa2\PicasaMediaDetector.exe
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-22.12.2008.log" (~8172 bytes)
- "C:\AD-report-Scan-21.12.2008.log" (~14379 bytes)
- "C:\AD-report-Scan-22.12.2008.log" (~14434 bytes)
# END at: 13:19:45 | 22/12/2008 - Time elapsed: 2 minutes, 2 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 132 lines ]
+---------------------------------------------------------------------------+
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
# START at: 13:17:43 | Lun 22/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: KOSVOCORE | USER: Armelle ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
# Internet Explorer v6.0.2900.5512
--------- [ RUNNING PROCESSES: 31 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
.
+-----------------------| Eorezo Elements Deleted :
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
.
[07/07/2008 17:44|d--------] C:\Program Files\EoRezo
[07/07/2008 17:44|d--------] C:\Documents and Settings\Armelle\Application Data\EoRezo
+-----------------------| Everest Poker Elements Deleted :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
"HKEY_CURRENT_USER\Software\FunWebProducts"
.
+-----------------------| It's TV Elements Deleted :
"HKEY_CURRENT_USER\Software\ItsLabel\ItsTV"
"HKEY_USERS\S-1-5-21-1844237615-1532298954-725345543-1003\Software\ItsLabel"
.
[07/07/2008 17:34|d--------] C:\Documents and Settings\Armelle\Application Data\ItsLabel
+-----------------------| Sweetim Elements Deleted :
"HKEY_CLASSES_ROOT\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_CLASSES_ROOT\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.1"
"HKEY_CLASSES_ROOT\ToolBand.SWEETIE"
"HKEY_CLASSES_ROOT\ToolBand.SWEETIE.1"
"HKEY_CLASSES_ROOT\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}"
"HKEY_CURRENT_USER\SOFTWARE\SWEETIE"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[01/09/2008 00:51|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SEARCH~1\sweetim.xml
[01/09/2008 00:51|d--------] C:\Documents and Settings\Armelle\Application Data\Mozilla\Firefox\Profiles\nntuet36.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[01/09/2008 09:07|d--------] C:\Documents and Settings\Armelle\Application Data\Mozilla\Firefox\Profiles\nntuet36.default\SweetIMToolbarData
[01/09/2008 00:51|d--------] C:\Documents and Settings\All Users\Application Data\SweetIM
[18/12/2008 12:21|--a------] C:\DOCUME~1\Armelle\Cookies\AR6709~1.TXT
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\nntuet36.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
Start Page : "https://www.orange.fr/portail"
+----------+
REMOVED - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
REMOVED - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.mode.debug", "false");
REMOVED - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
REMOVED - user_pref("sweetim.toolbar.search.history.capacity", "10");
REMOVED - user_pref("sweetim.toolbar.simapp_id", "{D841062C-CE17-4BBB-9409-DBFDC91BD626}");
REMOVED - user_pref("sweetim.toolbar.version", "1.0.0.3");
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
CursorFX REG_SZ "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
PhotoShow Deluxe Media Manager REG_SZ C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
+--[HKEY_LOCAL_MACHINE\..\Run]
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
PC Booster REG_SZ C:\Program Files\inKline Global\PC Booster\PCBooster.exe
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE
Picasa Media Detector REG_SZ C:\Program Files\Picasa2\PicasaMediaDetector.exe
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-22.12.2008.log" (~8172 bytes)
- "C:\AD-report-Scan-21.12.2008.log" (~14379 bytes)
- "C:\AD-report-Scan-22.12.2008.log" (~14434 bytes)
# END at: 13:19:45 | 22/12/2008 - Time elapsed: 2 minutes, 2 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 132 lines ]
+---------------------------------------------------------------------------+
et avec hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:03, on 22/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Armelle\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\agcutils.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - C:\Program Files\Moon Secure Antivirus\msavcore.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:03, on 22/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Armelle\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\agcutils.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - C:\Program Files\Moon Secure Antivirus\msavcore.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
22 déc. 2008 à 16:45
22 déc. 2008 à 16:45
ok
redemarre hijac
coche ces lignes ci dessous
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\agcutils.dll
O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
et clic sur FIX CHECKED
redemarre hijac
coche ces lignes ci dessous
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\agcutils.dll
O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
et clic sur FIX CHECKED
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
23 déc. 2008 à 06:50
23 déc. 2008 à 06:50
quel probleme a tu encore ?
comment se comporte ton pc ?
pour kiwee toolbar
a tu essaye de le desinstaller a nouveau ?
comment se comporte ton pc ?
pour kiwee toolbar
a tu essaye de le desinstaller a nouveau ?
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
23 déc. 2008 à 10:45
23 déc. 2008 à 10:45
ok on va essayer ca
telecharge BTFix (par bibi26)
http://ftp1.toocharger.com/lo9UPiq/btfix_1_27178.zip
• Décompresser l'archive (clique droit sur l'archive -> extraire tout) sur le Bureau.
Il doit y avoir maintenant un dossier du nom de BTFix.
• Sur le Bureau, ouvrir le dossier BTFix.
• Double-click sur le fichier BTFix.exe.
• Click sur Rechercher
• En fin de procédure il affiche le rapport.
• Copier/Coller le rapport dans le prochain message
sinon on shuntera kiwee toolbar via hijackthis
telecharge BTFix (par bibi26)
http://ftp1.toocharger.com/lo9UPiq/btfix_1_27178.zip
• Décompresser l'archive (clique droit sur l'archive -> extraire tout) sur le Bureau.
Il doit y avoir maintenant un dossier du nom de BTFix.
• Sur le Bureau, ouvrir le dossier BTFix.
• Double-click sur le fichier BTFix.exe.
• Click sur Rechercher
• En fin de procédure il affiche le rapport.
• Copier/Coller le rapport dans le prochain message
sinon on shuntera kiwee toolbar via hijackthis
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
23 déc. 2008 à 12:45
23 déc. 2008 à 12:45
desolé..btfix a été retiré de la circulation...j'avais oublié, et comme l'auteur ne veux pas que l'on utilise
je ne peu pas te le fournir..dailleur il ne serais pas a jour
donc redemarre hijac
coche ces lignes ci dessous
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
et clic sur FIX CHECKED
je ne peu pas te le fournir..dailleur il ne serais pas a jour
donc redemarre hijac
coche ces lignes ci dessous
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
et clic sur FIX CHECKED
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
23 déc. 2008 à 15:22
23 déc. 2008 à 15:22
OUI
en premier passe explorer 6 a 7
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
en 2 passe un coup de ccleaner nettoyage de xp et correction de la base de registre
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
en 3 supprimer les outils que nous avons utiliser , qui ne te servent plus et peuvent etre dangereux
avec ceci
ToolsCleaner sur
http://www.commentcamarche.net/telecharger/telechargement 34055291 toolscleaner
executer ce petit nettoyage en mode normale
comme toolscleaner n'a pas d'installation il te suffira ensuite de le supprimer direct a la poubelle
voila ...c'est tout
tu peu utiliser Malwarebytes' Anti-Malware une fois par quinzaine ou par mois selon comment tu te comporte sur internet
bonne fête
en premier passe explorer 6 a 7
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
en 2 passe un coup de ccleaner nettoyage de xp et correction de la base de registre
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
en 3 supprimer les outils que nous avons utiliser , qui ne te servent plus et peuvent etre dangereux
avec ceci
ToolsCleaner sur
http://www.commentcamarche.net/telecharger/telechargement 34055291 toolscleaner
executer ce petit nettoyage en mode normale
comme toolscleaner n'a pas d'installation il te suffira ensuite de le supprimer direct a la poubelle
voila ...c'est tout
tu peu utiliser Malwarebytes' Anti-Malware une fois par quinzaine ou par mois selon comment tu te comporte sur internet
bonne fête
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
>
feeclochette79
23 déc. 2008 à 16:29
23 déc. 2008 à 16:29
je comprend mais explorer 6 est une passoire a virus
alors je te conseil firefox
http://www.mozilla-europe.org/fr/firefox/
en plus tu navigeras plus vite
et il te reprendra tous tes favoris
alors je te conseil firefox
http://www.mozilla-europe.org/fr/firefox/
en plus tu navigeras plus vite
et il te reprendra tous tes favoris
feeclochette79
>
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
23 déc. 2008 à 16:38
23 déc. 2008 à 16:38
a bon c'est pour ça ok
j'ai déjà firefox ,je ne passe jamais par explorer firfox c'est top et en plus il a des mises a jours régumièrement,un ami me l'avait conseillé et il avait raison
tout ce que tu m'a demandé de faire est fait et avec succés
encore une fois,je te remercie pour ton aide
passe de très bonne fétes de fin d'année
cordialement armelle
j'ai déjà firefox ,je ne passe jamais par explorer firfox c'est top et en plus il a des mises a jours régumièrement,un ami me l'avait conseillé et il avait raison
tout ce que tu m'a demandé de faire est fait et avec succés
encore une fois,je te remercie pour ton aide
passe de très bonne fétes de fin d'année
cordialement armelle
18 déc. 2008 à 16:00
je suis allé dans msconfig mais kewee n'est nul part et je ne peux toujours pas le supprimé,de ce fait wlm ne fonctionne toujours pas non plus
ça m'agace helpppppp
18 déc. 2008 à 16:22
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:18, on 18/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Armelle\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\agcutils.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - C:\Program Files\Moon Secure Antivirus\msavcore.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
18 déc. 2008 à 16:32
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
18 déc. 2008 à 20:00
voici le rapport
-----------\\ ToolBar S&D 1.2.6 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.40GHz )
BIOS : 686O2 v2.20
USER : Armelle ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081218-0] 4.8.1296 (Activated)
Firewall : Panda Antivirus 2008 Personal Firewall 7.00.00 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:5 Go)
D:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [1] ( 18/12/2008|19:57 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar
C:\Program Files\AskTBar\PopSwatr
C:\Program Files\AskTBar\bar\History
C:\Program Files\AskTBar\bar\Settings
C:\Program Files\AskTBar\bar\History\search2
C:\Program Files\AskTBar\PopSwatr\History
C:\Program Files\AskTBar\PopSwatr\History\notallow
C:\Program Files\GamesBar
C:\Program Files\GamesBar\Localization-French.ini
C:\Program Files\Multi_Media_France
C:\Program Files\MultiMedia France Toolbar
C:\Program Files\MultiMedia France Toolbar\INSTALL.LOG
C:\Program Files\MultiMedia France Toolbar\Multi_Media_France.exe
C:\Program Files\MultiMedia France Toolbar\Multi_Media_France.xpi
C:\Program Files\MultiMedia France Toolbar\UNWISE.EXE
C:\WINDOWS\iun6002.exe
\...\{7009fcd4-05be-44f4-9583-93fe419ab7b0} - (multi_media_france)
-----------\\ Extensions
(Armelle) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Armelle) - {6a7400d6-6615-4a06-a4d1-48979fa6e868} => iminent-en
(Armelle) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} => multi_media_france
(Armelle) - {EEE6C361-6118-11DC-9C72-001320C79847} => sweetim-toolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr"
"Search Bar"="https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.ustart.org"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 18/12/2008|19:58 - Option : [1]
-----------\\ Fin du rapport a 19:58:08,75
18 déc. 2008 à 20:26