Pyagcore.search.searchdetection

feeclochette79 Messages postés 1 Statut Membre -  
 feeclochette79 -
Bonjour,
je ne peux plus me connecter a wlm,le message suivant apparait dans une fenètre

['traceback[most recent call last]:\n','file"C:\\pyagcore\\pyagcore/_init_py"line3,in<module>\n',file"C:\\Program Files\\agi\\common\\win32com\\_init_py",line5,in<module>\n import win32api,sys,os\n'importError:DLL load failed:La proc\xe9dure sp\xe9cifi\xe9e est introuvable.\n']

quelqu'un pourrait-il m'aider a comprendre et a résoudre ce problème

je crois que cela viens de kiwee toolbar que je n'arrive pas a désinstaller

merci pour votre aide
Configuration: Windows XP
Firefox 3.0.5

13 réponses

Résumé de la discussion

Problème de connexion à Windows Live Messenger sur Windows XP, avec une erreur DLL load failed et la mention d'une procédure introuvable, potentiellement liée à Kiwee Toolbar et aux outils de sécurité.
Plusieurs conseils visent à désinstaller Kiwee Toolbar et SweetIM, puis à’utiliser des outils de suppression (Ad-Remover et HijackThis) pour nettoyer les extensions et les barres d’outils, supprimer les entrées de démarrage et les BHO.
Des résidus dans le registre et les dossiers d’installation, notamment pour Kiwee et SweetIM, peuvent subsister après la désinstallation et nécessiter une suppression manuelle et une vérification des composants Windows Live pour rétablir la connexion.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. sherred Messages postés 8605 Statut Membre 351
     
    Pour désinstaller kiwee toolbar:
    1/ Démarrer; executer puis taper msconfig puis ok
    2/ Aller dans l'onglet démarrage et décocher kiwee toolbar; puis aller sur l'onglet service pour décocher kiwee toolbar (s'il existe).
    3/ Cliquer sur activer puis ok; l'ordinateur va redémarrer
    4/ Lorsque le bureau s'affiche, tu verras l'utilitaire de configuration qui va s'afficher; tu coches sur la petite case pour qu'il disparaitra lors de la prochaine démarrage.
    5/ A partir de là, tu peux désinstaller kiwee toolbar dans ajout/suppression
    6/ tu peu également allez dans program files.et supprimer ce qui si rapporte
    0
    1. feeclochette79
       
      merci

      je suis allé dans msconfig mais kewee n'est nul part et je ne peux toujours pas le supprimé,de ce fait wlm ne fonctionne toujours pas non plus

      ça m'agace helpppppp
      0
    2. feeclochette79
       
      voici le rapport fait par hijackthis

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:15:18, on 18/12/2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\Program Files\inKline Global\PC Booster\PCBooster.exe
      C:\Program Files\Stardock\CursorFX\CursorFX.exe
      C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Alwil Software\Avast4\setup\avast.setup
      C:\Documents and Settings\Armelle\Bureau\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
      R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\agcutils.dll
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
      O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
      O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
      O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
      O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
      O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
      O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
      O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
      O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
      O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
      O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - C:\Program Files\Moon Secure Antivirus\msavcore.exe (file missing)
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      0
    3. sherred Messages postés 8605 Statut Membre 351 > feeclochette79
       
      Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
      https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

      * Lance l'installation du programme en exécutant le fichier téléchargé.
      * Double-clique maintenant sur le raccourci de Toolbar-S&D.
      * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
      * Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
      * Poste le rapport généré. (C:\TB.txt)
      0
    4. feeclochette79 > sherred Messages postés 8605 Statut Membre
       
      désolé d'avoir mis autant de temps a répondre

      voici le rapport

      -----------\\ ToolBar S&D 1.2.6 XP/Vista

      Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.40GHz )
      BIOS : 686O2 v2.20
      USER : Armelle ( Administrator )
      BOOT : Normal boot
      Antivirus : avast! antivirus 4.8.1296 [VPS 081218-0] 4.8.1296 (Activated)
      Firewall : Panda Antivirus 2008 Personal Firewall 7.00.00 (Not Activated)
      A:\ (USB)
      C:\ (Local Disk) - NTFS - Total:37 Go (Free:5 Go)
      D:\ (CD or DVD)

      "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
      Option : [1] ( 18/12/2008|19:57 )

      -----------\\ Recherche de Fichiers / Dossiers ...

      C:\Program Files\AskTBar
      C:\Program Files\AskTBar\bar
      C:\Program Files\AskTBar\PopSwatr
      C:\Program Files\AskTBar\bar\History
      C:\Program Files\AskTBar\bar\Settings
      C:\Program Files\AskTBar\bar\History\search2
      C:\Program Files\AskTBar\PopSwatr\History
      C:\Program Files\AskTBar\PopSwatr\History\notallow
      C:\Program Files\GamesBar
      C:\Program Files\GamesBar\Localization-French.ini
      C:\Program Files\Multi_Media_France
      C:\Program Files\MultiMedia France Toolbar
      C:\Program Files\MultiMedia France Toolbar\INSTALL.LOG
      C:\Program Files\MultiMedia France Toolbar\Multi_Media_France.exe
      C:\Program Files\MultiMedia France Toolbar\Multi_Media_France.xpi
      C:\Program Files\MultiMedia France Toolbar\UNWISE.EXE
      C:\WINDOWS\iun6002.exe
      \...\{7009fcd4-05be-44f4-9583-93fe419ab7b0} - (multi_media_france)

      -----------\\ Extensions

      (Armelle) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
      (Armelle) - {6a7400d6-6615-4a06-a4d1-48979fa6e868} => iminent-en
      (Armelle) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} => multi_media_france
      (Armelle) - {EEE6C361-6118-11DC-9C72-001320C79847} => sweetim-toolbar


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="https://www.msn.com/fr-fr"
      "Search Bar"="https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5"
      "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Start Page"="http://www.ustart.org"


      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !


      1 - "C:\ToolBar SD\TB_1.txt" - 18/12/2008|19:58 - Option : [1]

      -----------\\ Fin du rapport a 19:58:08,75
      0
    5. sherred Messages postés 8605 Statut Membre 351 > feeclochette79
       
      relance toolbar avec l option 2
      0
  2. sherred Messages postés 8605 Statut Membre 351
     
    bonjour la feeclochette

    ok ...apparament c'est un faux positif

    on continue il y a encore pas mal de truc a faire

    Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :

    http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
    /!\ Déconnectes toi et fermes toutes applications en cours

    ● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
    ● Double clique sur l'icône Ad-removersituée sur ton bureau
    ● Au menu principal choisi l'option "A"
    ● Postes le rapport qui apparait à la fin .

    ( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    0
  3. feeclochette79
     
    voici le nouveau rapport

    --------- Logfile of AD-Remover 1.0.7.8 by C_XX ---------

    # START at: 9:57:19 | Dim 21/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
    # BOOT MODE: Normal

    # OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

    # PC: KOSVOCORE | USER: Armelle ( Current user is an administrator)

    # DRIVE(S):
    - C:\ (File System: NTFS)

    # Internet Explorer v6.0.2900.5512

    --------- [ RUNNING PROCESSES: 33 ] ---------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\inKline Global\PC Booster\PCBooster.exe
    C:\Program Files\Stardock\CursorFX\CursorFX.exe
    C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\WINDOWS\system32\ntvdm.exe

    -----------------------------------

    +-----------------------| Boonty/Boonty Games Elements found :

    .

    +-----------------------| Eorezo Elements found :

    "HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
    "HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
    "HKEY_CURRENT_USER\SOFTWARE\EoRezo"
    "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
    .
    [07/07/2008 17:44|d--------] C:\PROGRA~1\EoRezo
    [13/07/2008 16:02|d--------] C:\PROGRA~1\EoRezo\EoAdv
    [07/07/2008 17:20|--a------] C:\PROGRA~1\EoRezo\EoAdv\eoAdv.url
    [07/07/2008 17:20|d--------] C:\PROGRA~1\EoRezo\EoAdv\tmp
    [25/01/2007 09:22|--a------] C:\PROGRA~1\EoRezo\EoAdv\tmp\EOREZO~1.482
    [07/07/2008 17:44|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo
    [07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\cmhost.cyp
    [07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\CONFME~1.CYP
    [07/07/2008 17:42|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\db
    [07/07/2008 17:42|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1
    [07/07/2008 17:34|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\eoStats
    [07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\host.cyp
    [07/07/2008 17:44|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\user.cyp
    [07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\db\cat.cyp
    [07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1\config.xml
    [07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1\EODESK~1.HTM
    [07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1\USERCO~1.XML
    [07/07/2008 17:41|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\eoStats\eoStats.txt

    +-----------------------| Everest Poker Elements found :

    .

    +-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

    "HKEY_CURRENT_USER\Software\FunWebProducts"
    .

    +-----------------------| It's TV Elements found :

    "HKEY_CURRENT_USER\Software\ItsLabel\ItsTV"
    "HKEY_USERS\S-1-5-21-1844237615-1532298954-725345543-1003\Software\ItsLabel"
    .
    [07/07/2008 17:34|d--------] C:\DOCUME~1\Armelle\APPLIC~1\ItsLabel
    [07/07/2008 17:41|d--------] C:\DOCUME~1\Armelle\APPLIC~1\ItsLabel\ItsTV
    [07/07/2008 17:41|--a------] C:\DOCUME~1\Armelle\APPLIC~1\ItsLabel\ItsTV\itsTV.xml

    +-----------------------| Sweetim Elements found :

    "HKEY_CLASSES_ROOT\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
    "HKEY_CLASSES_ROOT\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
    "HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.1"
    "HKEY_CLASSES_ROOT\ToolBand.SWEETIE"
    "HKEY_CLASSES_ROOT\ToolBand.SWEETIE.1"
    "HKEY_CLASSES_ROOT\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}"
    "HKEY_CURRENT_USER\SOFTWARE\SWEETIE"
    "HKEY_CURRENT_USER\SOFTWARE\SweetIM"
    "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
    "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
    "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
    "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}"
    "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
    "HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
    .
    [01/09/2008 00:51|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SEARCH~1\sweetim.xml
    [01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1
    [01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\chrome
    [27/04/2008 14:12|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\CHROME~1.MAN
    [01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\COMPON~1
    [27/07/2008 09:09|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\install.rdf
    [01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF
    [27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\chrome\SWEETI~1.JAR
    [01/07/2008 15:54|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\COMPON~1\SIMAUT~1.JS
    [27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF\manifest.mf
    [27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF\zigbert.rsa
    [27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF\zigbert.sf
    [01/09/2008 09:07|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SWEETI~1
    [01/09/2008 09:07|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SWEETI~1\logs
    [01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
    [18/12/2008 12:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1
    [01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars
    [18/12/2008 12:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf
    [01/09/2008 00:50|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data
    [01/09/2008 09:25|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users
    [01/09/2008 00:52|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\BATAIL~1.FR
    [01/09/2008 09:25|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\FEECLO~1.FR
    [01/09/2008 00:52|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\MAIN_U~1.XML
    [01/09/2008 00:52|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\BATAIL~1.FR\EMOTIC~1.XML
    [01/09/2008 00:52|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\BATAIL~1.FR\USER_C~1.XML
    [01/09/2008 09:25|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\FEECLO~1.FR\EMOTIC~1.XML
    [01/09/2008 09:25|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\FEECLO~1.FR\USER_C~1.XML
    [20/11/2008 13:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1
    [13/08/2007 21:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108A9.dat
    [28/01/2008 20:00|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108CE.dat
    [16/12/2005 11:23|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002006E.dat
    [16/12/2005 11:23|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020071.dat
    [19/01/2006 17:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000200C0.dat
    [01/11/2006 15:01|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002012D.dat
    [05/11/2007 18:41|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000201A5.dat
    [16/12/2007 09:53|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000201DD.dat
    [13/01/2008 19:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020218.dat
    [13/01/2008 19:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020230.dat
    [22/05/2008 20:20|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000202BA.dat
    [05/06/2008 11:06|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0003009A.dat
    [03/08/2008 08:35|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000300AD.dat
    [13/03/2006 22:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00060038.dat
    [11/04/2007 17:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000600B0.dat
    [10/04/2008 19:26|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0006019A.dat
    [22/06/2008 08:54|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000601DE.dat
    [23/06/2008 16:32|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00080024.dat
    [20/11/2008 13:20|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\CACHE_~1.DAT
    [01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1
    [01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1\cache
    [01/09/2008 00:51|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1\cache\F64A71~1.XML
    [18/12/2008 12:21|--a------] C:\DOCUME~1\Armelle\Cookies\AR6709~1.TXT

    +-----------------------| ADDED SCAN :

    +---------- Scanning prefs.js ... ( # Mozilla User Preferences )

    ...\nntuet36.default\prefs.js :

    ~~~~ Mozilla FireFox version 3.0.5 ~~~~

    Start Page : "https://www.orange.fr/portail"

    +----------+

    FOUND - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
    FOUND - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
    FOUND - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
    FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
    FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
    FOUND - user_pref("sweetim.toolbar.mode.debug", "false");
    FOUND - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
    FOUND - user_pref("sweetim.toolbar.search.history.capacity", "10");
    FOUND - user_pref("sweetim.toolbar.simapp_id", "{D841062C-CE17-4BBB-9409-DBFDC91BD626}");
    FOUND - user_pref("sweetim.toolbar.version", "1.0.0.3");

    +---------------------------------------------------------------------------+

    +--[HKEY_CURRENT_USER\..\Run]

    CursorFX REG_SZ "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
    PhotoShow Deluxe Media Manager REG_SZ C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe

    +--[HKEY_LOCAL_MACHINE\..\Run]

    avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    PC Booster REG_SZ C:\Program Files\inKline Global\PC Booster\PCBooster.exe

    +--[HKEY_USERS\.DEFAULT\..\Run]

    CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE
    Picasa Media Detector REG_SZ C:\Program Files\Picasa2\PicasaMediaDetector.exe

    +--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

    Start Page : hxxp://fr.msn.com/

    +--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

    Start Page : hxxp://www.msn.com/

    +---------------------------------------------------------------------------+

    - "C:\AD-report-Scan-21.12.2008.log" (~14043 bytes)

    # END at: 9:57:41 | 21/12/2008 - Time elapsed: 21.8 seconds

    +---------------------------------------------------------------------------+
    +------------------------------- [ E.O.F - 187 lines ]
    +---------------------------------------------------------------------------+
    0
  4. sherred Messages postés 8605 Statut Membre 351
     
    Déconnectes toi et fermes toutes applications en cours !
    Relances "Ad-remover" : au menu principal choisi l'option "B" .

    laisse le programme travailler
    Postes le rapport qui apparait à la fin
    ( le rapport est sauvegardé aussi sous C:\Ad-report.log )

    /!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\
    refait Hijackthis pour analyse merci
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. feeclochette79
     
    --------- Logfile of AD-Remover 1.0.7.8 by C_XX ---------

    # START at: 11:04:12 | Lun 22/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
    # BOOT MODE: Normal

    # OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

    # PC: KOSVOCORE | USER: Armelle ( Current user is an administrator)

    # DRIVE(S):
    - C:\ (File System: NTFS)

    # Internet Explorer v6.0.2900.5512

    --------- [ RUNNING PROCESSES: 33 ] ---------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\inKline Global\PC Booster\PCBooster.exe
    C:\Program Files\Stardock\CursorFX\CursorFX.exe
    C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\WINDOWS\system32\ntvdm.exe

    -----------------------------------

    +-----------------------| Boonty/Boonty Games Elements found :

    .

    +-----------------------| Eorezo Elements found :

    "HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
    "HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
    "HKEY_CURRENT_USER\SOFTWARE\EoRezo"
    "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
    .
    [07/07/2008 17:44|d--------] C:\PROGRA~1\EoRezo
    [13/07/2008 16:02|d--------] C:\PROGRA~1\EoRezo\EoAdv
    [07/07/2008 17:20|--a------] C:\PROGRA~1\EoRezo\EoAdv\eoAdv.url
    [07/07/2008 17:20|d--------] C:\PROGRA~1\EoRezo\EoAdv\tmp
    [25/01/2007 09:22|--a------] C:\PROGRA~1\EoRezo\EoAdv\tmp\EOREZO~1.482
    [07/07/2008 17:44|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo
    [07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\cmhost.cyp
    [07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\CONFME~1.CYP
    [07/07/2008 17:42|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\db
    [07/07/2008 17:42|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1
    [07/07/2008 17:34|d--------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\eoStats
    [07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\host.cyp
    [07/07/2008 17:44|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\user.cyp
    [07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\db\cat.cyp
    [07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1\config.xml
    [07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1\EODESK~1.HTM
    [07/07/2008 17:42|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\EODESK~1\USERCO~1.XML
    [07/07/2008 17:41|--a------] C:\DOCUME~1\Armelle\APPLIC~1\EoRezo\eoStats\eoStats.txt

    +-----------------------| Everest Poker Elements found :

    .

    +-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

    "HKEY_CURRENT_USER\Software\FunWebProducts"
    .

    +-----------------------| It's TV Elements found :

    "HKEY_CURRENT_USER\Software\ItsLabel\ItsTV"
    "HKEY_USERS\S-1-5-21-1844237615-1532298954-725345543-1003\Software\ItsLabel"
    .
    [07/07/2008 17:34|d--------] C:\DOCUME~1\Armelle\APPLIC~1\ItsLabel
    [07/07/2008 17:41|d--------] C:\DOCUME~1\Armelle\APPLIC~1\ItsLabel\ItsTV
    [07/07/2008 17:41|--a------] C:\DOCUME~1\Armelle\APPLIC~1\ItsLabel\ItsTV\itsTV.xml

    +-----------------------| Sweetim Elements found :

    "HKEY_CLASSES_ROOT\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
    "HKEY_CLASSES_ROOT\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
    "HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.1"
    "HKEY_CLASSES_ROOT\ToolBand.SWEETIE"
    "HKEY_CLASSES_ROOT\ToolBand.SWEETIE.1"
    "HKEY_CLASSES_ROOT\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}"
    "HKEY_CURRENT_USER\SOFTWARE\SWEETIE"
    "HKEY_CURRENT_USER\SOFTWARE\SweetIM"
    "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
    "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
    "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
    "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}"
    "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
    "HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
    .
    [01/09/2008 00:51|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SEARCH~1\sweetim.xml
    [01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1
    [01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\chrome
    [27/04/2008 14:12|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\CHROME~1.MAN
    [01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\COMPON~1
    [27/07/2008 09:09|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\install.rdf
    [01/09/2008 00:51|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF
    [27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\chrome\SWEETI~1.JAR
    [01/07/2008 15:54|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\COMPON~1\SIMAUT~1.JS
    [27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF\manifest.mf
    [27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF\zigbert.rsa
    [27/07/2008 11:35|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\EXTENS~1\{EEE6C~1\META-INF\zigbert.sf
    [01/09/2008 09:07|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SWEETI~1
    [01/09/2008 09:07|d--------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SWEETI~1\logs
    [01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
    [18/12/2008 12:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1
    [01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars
    [18/12/2008 12:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf
    [01/09/2008 00:50|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data
    [01/09/2008 09:25|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users
    [01/09/2008 00:52|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\BATAIL~1.FR
    [01/09/2008 09:25|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\FEECLO~1.FR
    [01/09/2008 00:52|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\MAIN_U~1.XML
    [01/09/2008 00:52|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\BATAIL~1.FR\EMOTIC~1.XML
    [01/09/2008 00:52|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\BATAIL~1.FR\USER_C~1.XML
    [01/09/2008 09:25|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\FEECLO~1.FR\EMOTIC~1.XML
    [01/09/2008 09:25|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\FEECLO~1.FR\USER_C~1.XML
    [20/11/2008 13:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1
    [13/08/2007 21:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108A9.dat
    [28/01/2008 20:00|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108CE.dat
    [16/12/2005 11:23|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002006E.dat
    [16/12/2005 11:23|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020071.dat
    [19/01/2006 17:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000200C0.dat
    [01/11/2006 15:01|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002012D.dat
    [05/11/2007 18:41|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000201A5.dat
    [16/12/2007 09:53|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000201DD.dat
    [13/01/2008 19:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020218.dat
    [13/01/2008 19:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020230.dat
    [22/05/2008 20:20|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000202BA.dat
    [05/06/2008 11:06|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0003009A.dat
    [03/08/2008 08:35|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000300AD.dat
    [13/03/2006 22:33|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00060038.dat
    [11/04/2007 17:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000600B0.dat
    [10/04/2008 19:26|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0006019A.dat
    [22/06/2008 08:54|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000601DE.dat
    [23/06/2008 16:32|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00080024.dat
    [20/11/2008 13:20|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\CACHE_~1.DAT
    [01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1
    [01/09/2008 00:51|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1\cache
    [01/09/2008 00:51|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1\cache\F64A71~1.XML
    [18/12/2008 12:21|--a------] C:\DOCUME~1\Armelle\Cookies\AR6709~1.TXT

    +-----------------------| ADDED SCAN :

    +---------- Scanning prefs.js ... ( # Mozilla User Preferences )

    ...\nntuet36.default\prefs.js :

    ~~~~ Mozilla FireFox version 3.0.5 ~~~~

    Start Page : "https://www.orange.fr/portail"

    +----------+

    FOUND - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
    FOUND - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
    FOUND - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
    FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
    FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
    FOUND - user_pref("sweetim.toolbar.mode.debug", "false");
    FOUND - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
    FOUND - user_pref("sweetim.toolbar.search.history.capacity", "10");
    FOUND - user_pref("sweetim.toolbar.simapp_id", "{D841062C-CE17-4BBB-9409-DBFDC91BD626}");
    FOUND - user_pref("sweetim.toolbar.version", "1.0.0.3");

    +---------------------------------------------------------------------------+

    +--[HKEY_CURRENT_USER\..\Run]

    CursorFX REG_SZ "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
    PhotoShow Deluxe Media Manager REG_SZ C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe

    +--[HKEY_LOCAL_MACHINE\..\Run]

    avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    PC Booster REG_SZ C:\Program Files\inKline Global\PC Booster\PCBooster.exe

    +--[HKEY_USERS\.DEFAULT\..\Run]

    CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE
    Picasa Media Detector REG_SZ C:\Program Files\Picasa2\PicasaMediaDetector.exe

    +--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

    Start Page : hxxp://fr.msn.com/

    +--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

    Start Page : hxxp://www.msn.com/

    +---------------------------------------------------------------------------+

    - "C:\AD-report-Scan-21.12.2008.log" (~14379 bytes)

    - "C:\AD-report-Scan-22.12.2008.log" (~14098 bytes)

    # END at: 11:04:36 | 22/12/2008 - Time elapsed: 23.6 seconds

    +---------------------------------------------------------------------------+
    +------------------------------- [ E.O.F - 187 lines ]
    +---------------------------------------------------------------------------+
    0
  7. feeclochette79
     
    voici rapport hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:33:22, on 22/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\inKline Global\PC Booster\PCBooster.exe
    C:\Program Files\Stardock\CursorFX\CursorFX.exe
    C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Armelle\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
    R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\agcutils.dll
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
    O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
    O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - C:\Program Files\Moon Secure Antivirus\msavcore.exe (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    0
  8. sherred Messages postés 8605 Statut Membre 351
     
    tu n'a pas fait ce que je t'ai demandé
    http://www.commentcamarche.net/forum/affich 9969229 pyagcore search searchdetection?#20
    tu a refait un scan
    tu devais faire un nettoyage
    option B clean

    recommence merci
    0
    1. feeclochette79
       
      excuse ,je recommence
      0
    2. feeclochette79
       
      --------- Logfile of AD-Remover 1.0.7.8 by C_XX ---------

      *** Limited to ***

      Boonty/BoontyGames
      Eorezo
      Everest Poker
      Funwebproduct/MyWay/MyWebsearch
      It's TV
      Sweetim

      ******************

      # START at: 13:17:43 | Lun 22/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
      # BOOT MODE: Normal

      # OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

      # PC: KOSVOCORE | USER: Armelle ( Current user is an administrator)

      # DRIVE(S):
      - C:\ (File System: NTFS)

      # Internet Explorer v6.0.2900.5512

      --------- [ RUNNING PROCESSES: 31 ] ---------

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\inKline Global\PC Booster\PCBooster.exe
      C:\Program Files\Stardock\CursorFX\CursorFX.exe
      C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\ntvdm.exe

      -----------------------------------

      (!) ---- IE start pages reset

      +-----------------------| Boonty/Boonty Games Elements Deleted :

      .

      +-----------------------| Eorezo Elements Deleted :

      "HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
      "HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
      "HKEY_CURRENT_USER\SOFTWARE\EoRezo"
      "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
      "HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
      "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
      .
      [07/07/2008 17:44|d--------] C:\Program Files\EoRezo
      [07/07/2008 17:44|d--------] C:\Documents and Settings\Armelle\Application Data\EoRezo

      +-----------------------| Everest Poker Elements Deleted :

      .

      +-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

      "HKEY_CURRENT_USER\Software\FunWebProducts"
      .

      +-----------------------| It's TV Elements Deleted :

      "HKEY_CURRENT_USER\Software\ItsLabel\ItsTV"
      "HKEY_USERS\S-1-5-21-1844237615-1532298954-725345543-1003\Software\ItsLabel"
      .
      [07/07/2008 17:34|d--------] C:\Documents and Settings\Armelle\Application Data\ItsLabel

      +-----------------------| Sweetim Elements Deleted :

      "HKEY_CLASSES_ROOT\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
      "HKEY_CLASSES_ROOT\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
      "HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.1"
      "HKEY_CLASSES_ROOT\ToolBand.SWEETIE"
      "HKEY_CLASSES_ROOT\ToolBand.SWEETIE.1"
      "HKEY_CLASSES_ROOT\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}"
      "HKEY_CURRENT_USER\SOFTWARE\SWEETIE"
      "HKEY_CURRENT_USER\SOFTWARE\SweetIM"
      "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
      "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
      "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
      "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}"
      "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
      "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
      "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
      "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
      "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
      "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
      "HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
      .
      [01/09/2008 00:51|--a------] C:\DOCUME~1\Armelle\APPLIC~1\Mozilla\Firefox\Profiles\NNTUET~1.DEF\SEARCH~1\sweetim.xml
      [01/09/2008 00:51|d--------] C:\Documents and Settings\Armelle\Application Data\Mozilla\Firefox\Profiles\nntuet36.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
      [01/09/2008 09:07|d--------] C:\Documents and Settings\Armelle\Application Data\Mozilla\Firefox\Profiles\nntuet36.default\SweetIMToolbarData
      [01/09/2008 00:51|d--------] C:\Documents and Settings\All Users\Application Data\SweetIM
      [18/12/2008 12:21|--a------] C:\DOCUME~1\Armelle\Cookies\AR6709~1.TXT

      (!) ---- Temp files deleted.
      (!) ---- Recycle bin emptied in all drives.


      +-----------------------| ADDED SCAN :



      +---------- Scanning prefs.js ... ( # Mozilla User Preferences )

      ...\nntuet36.default\prefs.js :

      ~~~~ Mozilla FireFox version 3.0.5 ~~~~

      Start Page : "https://www.orange.fr/portail"

      +----------+

      REMOVED - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
      REMOVED - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
      REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
      REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
      REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
      REMOVED - user_pref("sweetim.toolbar.mode.debug", "false");
      REMOVED - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
      REMOVED - user_pref("sweetim.toolbar.search.history.capacity", "10");
      REMOVED - user_pref("sweetim.toolbar.simapp_id", "{D841062C-CE17-4BBB-9409-DBFDC91BD626}");
      REMOVED - user_pref("sweetim.toolbar.version", "1.0.0.3");

      +---------------------------------------------------------------------------+

      +--[HKEY_CURRENT_USER\..\Run]

      CursorFX REG_SZ "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
      PhotoShow Deluxe Media Manager REG_SZ C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe

      +--[HKEY_LOCAL_MACHINE\..\Run]

      avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      PC Booster REG_SZ C:\Program Files\inKline Global\PC Booster\PCBooster.exe

      +--[HKEY_USERS\.DEFAULT\..\Run]

      CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE
      Picasa Media Detector REG_SZ C:\Program Files\Picasa2\PicasaMediaDetector.exe

      +--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

      Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

      +--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

      Start Page : hxxp://fr.msn.com/

      +---------------------------------------------------------------------------+

      - "C:\AD-report-Clean-22.12.2008.log" (~8172 bytes)

      - "C:\AD-report-Scan-21.12.2008.log" (~14379 bytes)

      - "C:\AD-report-Scan-22.12.2008.log" (~14434 bytes)

      # END at: 13:19:45 | 22/12/2008 - Time elapsed: 2 minutes, 2 seconds

      +---------------------------------------------------------------------------+
      +------------------------------- [ E.O.F - 132 lines ]
      +---------------------------------------------------------------------------+
      0
  9. feeclochette79
     
    et avec hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:22:03, on 22/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\inKline Global\PC Booster\PCBooster.exe
    C:\Program Files\Stardock\CursorFX\CursorFX.exe
    C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Armelle\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
    R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\agcutils.dll
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
    O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
    O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
    O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~3\data\xtras\mssysmgr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - C:\Program Files\Moon Secure Antivirus\msavcore.exe (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    0
  10. sherred Messages postés 8605 Statut Membre 351
     
    ok

    redemarre hijac
    coche ces lignes ci dessous

    R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\agcutils.dll

    O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)

    et clic sur FIX CHECKED
    0
    1. feeclochette79
       
      c'est fait ça ma supprimer cette ligne la

      O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
      0
  11. sherred Messages postés 8605 Statut Membre 351
     
    quel probleme a tu encore ?

    comment se comporte ton pc ?

    pour kiwee toolbar
    a tu essaye de le desinstaller a nouveau ?

    0
    1. feeclochette79
       
      salut

      ben mon pc fonctionne normalemement

      mais msn ne fonctionne toujours pas le message d'erreur est le méme ,et kiwee toolbar,je ne peux pas le désinstaller car pas dans mon panneau de configuration

      ce que je voudrais c'est que WLM refonctionne
      0
  12. sherred Messages postés 8605 Statut Membre 351
     
    ok on va essayer ca

    telecharge BTFix (par bibi26)
    http://ftp1.toocharger.com/lo9UPiq/btfix_1_27178.zip
    • Décompresser l'archive (clique droit sur l'archive -> extraire tout) sur le Bureau.
    Il doit y avoir maintenant un dossier du nom de BTFix.
    • Sur le Bureau, ouvrir le dossier BTFix.
    • Double-click sur le fichier BTFix.exe.
    • Click sur Rechercher
    • En fin de procédure il affiche le rapport.
    • Copier/Coller le rapport dans le prochain message

    sinon on shuntera kiwee toolbar via hijackthis
    0
    1. feeclochette79
       
      impossible de télécharger ce fichier mon anti virus le bloque et même en le désactivant ça ne fonctionne toujours pas
      grrrrrrrr c'est la galère
      0
  13. sherred Messages postés 8605 Statut Membre 351
     
    desolé..btfix a été retiré de la circulation...j'avais oublié, et comme l'auteur ne veux pas que l'on utilise
    je ne peu pas te le fournir..dailleur il ne serais pas a jour

    donc redemarre hijac
    coche ces lignes ci dessous

    O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll

    O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll

    et clic sur FIX CHECKED
    0
    1. feeclochette79
       
      ok pas grave

      les manip sur hijac sont faites
      0
    2. feeclochette79
       
      oulala je suis trop contente msn refonctionne :) merci merci merci

      ais je d'autres manips a faire ou des choses a ne pas faires pour éviter d'autres soucis

      encore merci
      0
  14. sherred Messages postés 8605 Statut Membre 351
     
    OUI

    en premier passe explorer 6 a 7
    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    en 2 passe un coup de ccleaner nettoyage de xp et correction de la base de registre
    http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner

    en 3 supprimer les outils que nous avons utiliser , qui ne te servent plus et peuvent etre dangereux
    avec ceci
    ToolsCleaner sur
    http://www.commentcamarche.net/telecharger/telechargement 34055291 toolscleaner
    executer ce petit nettoyage en mode normale

    comme toolscleaner n'a pas d'installation il te suffira ensuite de le supprimer direct a la poubelle

    voila ...c'est tout
    tu peu utiliser Malwarebytes' Anti-Malware une fois par quinzaine ou par mois selon comment tu te comporte sur internet

    bonne fête
    0
    1. feeclochette79
       
      ok ,
      je ne peux pas installer la version 7 de explorer car c'est une copie de windows que j'ai car mon ordi est acheté d'occasion

      est ce grave ???
      0
      1. sherred Messages postés 8605 Statut Membre 351 > feeclochette79
         
        je comprend mais explorer 6 est une passoire a virus

        alors je te conseil firefox
        http://www.mozilla-europe.org/fr/firefox/
        en plus tu navigeras plus vite
        et il te reprendra tous tes favoris
        0
      2. feeclochette79 > sherred Messages postés 8605 Statut Membre
         
        a bon c'est pour ça ok

        j'ai déjà firefox ,je ne passe jamais par explorer firfox c'est top et en plus il a des mises a jours régumièrement,un ami me l'avait conseillé et il avait raison

        tout ce que tu m'a demandé de faire est fait et avec succés

        encore une fois,je te remercie pour ton aide

        passe de très bonne fétes de fin d'année

        cordialement armelle
        0