Sujet Précédent Sujet Suivant

Msn virus

Résolu
hinata huga -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,
a chaque fois que j'ouvre mon msn ,un virus dans mon msn envoie un album photo et puis ,il m'empeche de chatter avec mes amis, svp pouvez vous m'aider ,car j'ai besoin de resourdre ce probleme , merci
Configuration: Windows XP
Internet Explorer 6.0
A voir également:

60 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Un problème de sécurité informatique est décrit, avec un virus qui se propage via une session MSN et empêche de chatter, sur un système Windows XP avec Internet Explorer 6.
Des réponses proposent des outils de nettoyage et de détection comme Ad-Remover, SmitfraudFix et MSNFix, des analyses de rapports et des nettoyages complets via CCleaner, Malwarebytes et antivirus.
D'autres interventions mentionnent l'examen des journaux HijackThis et l'identification de composants tels que Spyware, Adware et backdoors, avec l'objectif d'éliminer les entrées malveillantes et les programmes indésirables.
En cas de persistance, des précautions comme la réparation des paramètres du navigateur et l'examen des services et pilotes réseau peuvent être nécessaires, et une restauration du système peut être envisagée si nécessaire.

Généré automatiquement par IA
sur la base des meilleures réponses
Réponse 1 / 60
g!rly Messages postés 18462 Statut Contributeur 407
 
pimprenelle
ça ne t´alerte pas ça ?
O4 - HKLM\..\Run: [fnp] C:\WINDOWS\system32\fnp.exe \j
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
1
Réponse 2 / 60
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
 
télécharge msnfix le tuto est avec. tu fais l'option rechercher, le scan peut être long il faut attendre qu'il marque infection ou pas. puis tu postera le rapport ici.
0
Réponse 3 / 60
hinata huga
 
voiread file error: C:\DOCUME~1\ADMINI~1.WIN\LOCALS~1\Temp\winlogon.exe, Le fichier spécifié est introuvable.
read file error: C:\DOCUME~1\ADMINI~1.WIN\LOCALS~1\Temp\services.exe, Le fichier spécifié est introuvable.
read file error: C:\WINDOWS\system32\cftmon.exe, Le fichier spécifié est introuvable.
read file error: C:\DOCUME~1\ADMINI~1.WIN\LOCALS~1\Temp\winlogon.exe, Le fichier spécifié est introuvable.
read file error: C:\DOCUME~1\ADMINI~1.WIN\LOCALS~1\Temp\services.exe, Le fichier spécifié est introuvable.
read file error: C:\WINDOWS\system32\cftmon.exe, Le fichier spécifié est introuvable.
read file error: C:\DOCUME~1\ADMINI~1.WIN\LOCALS~1\Temp\winlogon.exe, Le fichier spécifié est introuvable.
read file error: C:\DOCUME~1\ADMINI~1.WIN\LOCALS~1\Temp\services.exe, Le fichier spécifié est introuvable.
read file error: C:\WINDOWS\system32\cftmon.exe, Le fichier spécifié est introuvable.

c'est ca?,
0
Réponse 4 / 60
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
 
il doit manquer le début, il faut poster le rapport en entier, a-t-il marqué infection?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 60
hinata huga
 
oui , il a marqué une infection ,il m'a demender de redemmarer l'ordi , mais aprés j'ai decouvri que ce problem reste le meme aprés ca , qu'est ce tu me conseille de faire s'il te plait ?,et merci une autre fois
0
Réponse 6 / 60
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
 
le rapport msn fix se présente comme ça normalement.

MSNFix 1.742

C:\Users\blabla\Downloads\MSNFix
Fix exécuté le 21/08/2008 - 12:35:20,06 By blabla
mode normal

************************ Recherche les fichiers présents

... C:\Windows\system32\ACER.exe

************************ Recherche les dossiers présents

Aucun dossier trouvé

************************ Suppression des fichiers

.. OK ... C:\Windows\system32\ACER.exe

************************ Nettoyage du registre

************************ Hostsclean

Cleanhosts v 0.1.0.7 By Laurent

-- Backup : C:\Windows\system32\drivers\etc\hosts-20080821130926
-- original size 0.74 Kb / 20 lines
-- Start cleaning Hosts file ....

-- final size 0.74 Kb / 20 lines
-- entry Found : 0 / Entry check : 310

End .............................. 19.2 Secondes

Les fichiers encore présents seront supprimés au prochain redémarrage

Aucun Fichier trouvé

************************ Hostsclean

Cleanhosts v 0.1.0.7 By Laurent

-- Backup : C:\Windows\system32\drivers\etc\hosts-20080821131403
-- original size 0.74 Kb / 20 lines
-- Start cleaning Hosts file ....

-- final size 0.74 Kb / 20 lines
-- entry Found : 0 / Entry check : 310

End .............................. 26.18 Secondes

************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\Windows\system32\DeviceEject.exe] 5123C80DB8A51766BC13CEC55381E905
[C:\Windows\system32\DeviceProperties.exe] 5942AB66026F3999181B64B01BAEE8DC
[C:\Windows\system32\secinit.exe] 32956A36844093FB99EAE0AEC66916FB
[C:\junction.exe] B25B81716AACA69EECD0EEDBF7891AD1

[color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\Users\AMEYEM~1\Desktop\Upload_Me.zip /b sur http://upload.changelog.fr

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 21082008_13142971.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\Windows\system32\userinit.exe,

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
0
Réponse 7 / 60
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
 
Télécharge le fichier d'installation d'HijackThis.

Enregistre HJTInstall.exe sur ton bureau.

Double-clique sur HJTInstall.exe pour lancer le programme

Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis

Accepte la license en cliquant sur le bouton "I Accept"

Choisis l'option "Do a system scan and save a log file"

Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

Colle le rapport que tu viens de copier sur ce forum

Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement

Tutoriaux (ne fixe rien pour le moment !!)
0
Réponse 8 / 60
hinata huga
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:20:28, on 20/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Administrateur.WINDOWS_XP\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT1392740
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [fnp] C:\WINDOWS\system32\fnp.exe \j
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{41403478-533D-4CB6-BC5D-FC02AC0F2580}: NameServer = 196.217.246.210 212.217.0.13
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
0
Réponse 9 / 60
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
 
Ensuite passe ce log.

Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :

/!\ Déconnectes toi et fermes toutes applications en cours

● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-removersituée sur ton bureau
● Au menu principal choisi l'option "A"
● Postes le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
0
Réponse 10 / 60
hinata huga Messages postés 250 Date d'inscription   Statut Membre Dernière intervention   31
 
--------- Logfile of AD-Remover 1.0.7.8 by C_XX ---------

# START at: 10:34:16 | Dim 21/12/2008 | Microsoft® Windows XP™ SP2 (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: WINDOWS_XP | USER: Administrateur ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: NTFS)

# Internet Explorer v6.0.2900.2180

--------- [ RUNNING PROCESSES: 28 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Menara\dslmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\ntvdm.exe

-----------------------------------

+-----------------------| Boonty/Boonty Games Elements found :

"Boonty Games" (service)
.
"HKEY_CURRENT_USER\SOFTWARE\Boonty"
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BOONTY_GAMES"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
.
[18/11/2008 20:47|d--------] C:\PROGRA~1\FICHIE~1\BOONTY~1
[18/11/2008 20:47|d--------] C:\PROGRA~1\FICHIE~1\BOONTY~1\Service
[18/11/2008 20:47|--a------] C:\PROGRA~1\FICHIE~1\BOONTY~1\Service\Boonty.exe
[25/11/2008 17:14|d--------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\BOONTY
[25/11/2008 17:14|d--------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\BOONTY\Licenses
[26/11/2008 17:07|-r-------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\BOONTY\Licenses\B360D000.dat
[29/11/2008 17:23|d--------] C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\BOONTY~1
[25/11/2008 17:13|--a------] C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\BOONTY~1\JEUXTL~2.LNK
[18/11/2008 20:46|--a------] C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\BOONTY~1\JEUXTL~1.URL
[19/11/2008 13:18|--a------] C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\BOONTY~1\JEUXTL~1.LNK

+-----------------------| Eorezo Elements found :

"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoEngine"
.
[26/10/2008 19:55|d--------] C:\DOCUME~1\ADMINI~1.WIN\APPLIC~1\EoRezo
[26/10/2008 19:18|--a------] C:\DOCUME~1\ADMINI~1.WIN\APPLIC~1\EoRezo\cmhost.cyp
[26/10/2008 19:19|--a------] C:\DOCUME~1\ADMINI~1.WIN\APPLIC~1\EoRezo\CONFME~1.CYP
[26/10/2008 19:18|d--------] C:\DOCUME~1\ADMINI~1.WIN\APPLIC~1\EoRezo\db
[26/10/2008 19:19|d--------] C:\DOCUME~1\ADMINI~1.WIN\APPLIC~1\EoRezo\EODESK~1
[26/10/2008 19:45|d--------] C:\DOCUME~1\ADMINI~1.WIN\APPLIC~1\EoRezo\eoStats
[26/10/2008 19:18|--a------] C:\DOCUME~1\ADMINI~1.WIN\APPLIC~1\EoRezo\host.cyp
[26/10/2008 19:55|--a------] C:\DOCUME~1\ADMINI~1.WIN\APPLIC~1\EoRezo\user.cyp
[26/10/2008 19:18|--a------] C:\DOCUME~1\ADMINI~1.WIN\APPLIC~1\EoRezo\db\cat.cyp
[26/10/2008 19:19|--a------] C:\DOCUME~1\ADMINI~1.WIN\APPLIC~1\EoRezo\EODESK~1\config.xml
[26/10/2008 19:19|--a------] C:\DOCUME~1\ADMINI~1.WIN\APPLIC~1\EoRezo\EODESK~1\EODESK~1.HTM
[26/10/2008 19:19|--a------] C:\DOCUME~1\ADMINI~1.WIN\APPLIC~1\EoRezo\EODESK~1\USERCO~1.XML
[26/10/2008 19:46|--a------] C:\DOCUME~1\ADMINI~1.WIN\APPLIC~1\EoRezo\eoStats\eoStats.txt

+-----------------------| Everest Poker Elements found :

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

"Mywebsearchservice" (service)
.
"HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MyWebSearchService"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MYWEBSEARCHSERVICE"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MyWebSearchService"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MYWEBSEARCHSERVICE"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7}"
.
[11/11/2008 12:46|--a------] C:\PROGRA~1\WINDOW~4\MESSEN~1\riched20.dll
[11/11/2008 12:46|--a------] C:\PROGRA~1\WINDOW~4\MESSEN~1\riched20.dll
[11/11/2008 12:46|--a------] C:\PROGRA~1\WINDOW~4\MESSEN~1\riched20.dll
[11/11/2008 12:46|--a------] C:\PROGRA~1\WINDOW~4\MESSEN~1\msimg32.dll
[11/11/2008 12:46|--a------] C:\PROGRA~1\WINDOW~4\MESSEN~1\msimg32.dll
[11/11/2008 12:46|--a------] C:\PROGRA~1\WINDOW~4\MESSEN~1\msimg32.dll

+-----------------------| It's TV Elements found :

.

+-----------------------| Sweetim Elements found :

"HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}"
"HKEY_CLASSES_ROOT\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE.1"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0337C6624F0C5E94F8025AF6F9288257"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D91C9455EF645794DA45B5738EF76F2E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{266C7330-C0F4-49E5-8F20-A56F9F822875}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5549C19D-46FE-4975-AD54-5B37E87FF6E2}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0337C6624F0C5E94F8025AF6F9288257"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D91C9455EF645794DA45B5738EF76F2E"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[18/12/2008 21:40|d--------] C:\PROGRA~1\SweetIM
[22/11/2008 21:24|d--------] C:\PROGRA~1\SweetIM\MESSEN~1
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\default.xml
[08/10/2008 12:11|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGADAP~1.DLL
[08/10/2008 12:12|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGAIMA~1.DLL
[08/10/2008 12:12|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGAIMM~1.DLL
[08/10/2008 12:11|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGARCH~1.DLL
[08/10/2008 12:12|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\mgcommon.dll
[08/10/2008 12:12|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGCOMM~1.DLL
[08/10/2008 12:12|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\mgconfig.dll
[08/10/2008 12:12|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGFLAS~1.DLL
[08/10/2008 12:12|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGHOOK~1.DLL
[08/10/2008 12:12|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\MGICQA~1.DLL
[08/10/2008 12:12|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\MGICQM~1.DLL
[08/10/2008 12:12|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGIEPL~1.DLL
[08/10/2008 12:12|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\mglogger.dll
[08/10/2008 12:12|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGMEDI~1.DLL
[08/10/2008 12:12|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGMSNA~1.DLL
[08/10/2008 12:12|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGMSNM~1.DLL
[08/10/2008 12:12|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGSIMC~1.DLL
[08/10/2008 12:12|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGSWEE~1.DLL
[08/10/2008 12:12|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGUPDA~1.DLL
[08/10/2008 12:12|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGXML_~1.DLL
[08/10/2008 12:12|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGYAHO~1.DLL
[08/10/2008 12:12|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGYAHO~2.DLL
[11/07/2006 18:35|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcp71.dll
[11/07/2006 18:35|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcr71.dll
[22/11/2008 21:24|d--------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1
[08/10/2008 12:12|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\SweetIM.exe
[22/11/2008 21:24|d--------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\AUDIBL~1.PNG
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\DISPLA~1.PNG
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\EMOTIC~1.PNG
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\NUDGEB~1.PNG
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\SOUNDF~1.PNG
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\WINKSB~1.PNG
[22/11/2008 21:24|d--------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM
[22/11/2008 21:24|d--------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1
[22/11/2008 21:24|d--------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf
[22/11/2008 21:24|d--------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data
[22/11/2008 21:24|d--------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\logs
[22/11/2008 21:24|d--------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\update
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\adapter.xml
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\AUTOUP~1.XML
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\logger.xml
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\messages.xml
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\sweetim.xml
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\SWEETI~1.XML
[05/12/2008 08:49|d--------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users
[23/11/2008 12:47|d--------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\AAR_SC~1.FR
[22/11/2008 21:26|--a------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\MAIN_U~1.XML
[04/12/2008 11:55|d--------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\NARUTO~1.FR
[05/12/2008 12:47|d--------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\ROCK_R~1.FR
[05/12/2008 08:49|d--------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\SCREAM~1.COM
[24/11/2008 22:11|d--------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\SHIZUK~1.FR
[21/12/2008 10:27|--a------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\AAR_SC~1.FR\CONTEN~1.XML
[23/11/2008 12:47|--a------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\AAR_SC~1.FR\EMOTIC~1.XML
[23/11/2008 12:47|--a------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\AAR_SC~1.FR\USER_C~1.XML
[19/12/2008 14:27|--a------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\NARUTO~1.FR\CONTEN~1.XML
[04/12/2008 11:55|--a------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\NARUTO~1.FR\EMOTIC~1.XML
[04/12/2008 11:55|--a------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\NARUTO~1.FR\USER_C~1.XML
[05/12/2008 12:47|--a------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\ROCK_R~1.FR\CONTEN~1.XML
[05/12/2008 12:47|--a------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\ROCK_R~1.FR\EMOTIC~1.XML
[05/12/2008 12:47|--a------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\ROCK_R~1.FR\USER_C~1.XML
[05/12/2008 08:49|--a------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\SCREAM~1.COM\CONTEN~1.XML
[05/12/2008 08:49|--a------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\SCREAM~1.COM\EMOTIC~1.XML
[05/12/2008 08:49|--a------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\SCREAM~1.COM\USER_C~1.XML
[20/12/2008 17:21|--a------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\SHIZUK~1.FR\CONTEN~1.XML
[24/11/2008 22:11|--a------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\SHIZUK~1.FR\EMOTIC~1.XML
[27/11/2008 17:20|--a------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\SHIZUK~1.FR\LASTUS~1.XML
[22/11/2008 21:26|--a------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\conf\users\SHIZUK~1.FR\USER_C~1.XML
[19/12/2008 21:54|d--------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1
[21/03/2007 20:27|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00010893.dat
[13/05/2007 21:13|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0001089A.dat
[13/05/2007 21:13|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0001089D.dat
[13/08/2007 22:21|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108A9.dat
[16/12/2007 10:54|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108C2.dat
[14/08/2008 12:34|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0001093C.dat
[16/12/2005 12:23|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002006A.dat
[16/12/2005 12:23|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002006E.dat
[16/12/2005 12:23|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020071.dat
[16/12/2005 12:23|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020073.dat
[16/12/2005 12:23|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020077.dat
[10/01/2007 11:27|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002013F.dat
[01/03/2007 16:52|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020148.dat
[13/05/2007 21:13|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020158.dat
[09/10/2007 11:41|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020185.dat
[16/12/2007 10:53|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020201.dat
[14/09/2008 12:12|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000202ED.dat
[23/10/2008 13:14|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020309.dat
[26/06/2008 14:54|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000300A1.dat
[11/07/2007 13:20|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00050005.dat
[22/05/2008 21:20|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000601B4.dat
[10/04/2008 20:26|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00080011.dat
[12/05/2008 04:29|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00080017.dat
[22/05/2008 21:20|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0008001A.dat
[23/06/2008 17:32|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00080024.dat
[07/10/2008 11:55|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0008005C.dat
[23/10/2008 13:14|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00080060.dat
[09/11/2008 11:40|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00080063.dat
[07/12/2008 09:54|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00080088.dat
[07/12/2008 09:54|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0008008D.dat
[01/07/2008 00:38|-ra------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\02050002.dat
[19/12/2008 21:54|--a------] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\CACHE_~1.DAT

+-----------------------| ADDED SCAN :

+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\x56p5ehg.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.3 ~~~~

Start Page : "http://www.lo.st"

+----------+

+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\..\Run]

ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

+--[HKEY_LOCAL_MACHINE\..\Run]

NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
EoEngine REG_SZ
fnp REG_SZ C:\WINDOWS\system32\fnp.exe \j
VirusKeeper REG_SZ C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
SweetIM REG_SZ C:\Program Files\SweetIM\Messenger\SweetIM.exe
!AVG Anti-Spyware REG_SZ "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

+--[HKEY_USERS\.DEFAULT\..\Run]

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://search.conduit.com/?SearchSource=10&ctid=CT1392740

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

+---------------------------------------------------------------------------+

- "C:\AD-report-Scan-21.12.2008.log" (~27071 bytes)

# END at: 10:35:52 | 21/12/2008 - Time elapsed: 96.7 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 322 lines ]
+---------------------------------------------------------------------------+
0
Réponse 11 / 60
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
 
! Déconnectes toi et fermes toutes applications en cours !

* Relances "Ad-remover" : au menu principal choisi l'option "B" .

--> le programme va travailler ...

* Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ...

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\

0
Réponse 12 / 60
hinata huga Messages postés 250 Date d'inscription   Statut Membre Dernière intervention   31
 
merci , je vais essayer; merci bcppppppp!!!!
0
Réponse 13 / 60
hinata huga Messages postés 250 Date d'inscription   Statut Membre Dernière intervention   31
 
--------- Logfile of AD-Remover 1.0.7.8 by C_XX ---------

*** Limited to ***

Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim

******************

# START at: 11:34:44 | Dim 21/12/2008 | Microsoft® Windows XP™ SP2 (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: WINDOWS_XP | USER: Administrateur ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: NTFS)

# Internet Explorer v6.0.2900.2180

--------- [ RUNNING PROCESSES: 26 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Menara\dslmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe

-----------------------------------

(!) ---- IE start pages reset

+-----------------------| Boonty/Boonty Games Elements Deleted :

"Boonty Games" (service)
.
"HKEY_CURRENT_USER\SOFTWARE\Boonty"
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
.
[18/11/2008 20:47|d--------] C:\Program Files\Fichiers communs\BOONTY Shared
[25/11/2008 17:14|d--------] C:\Documents and Settings\All Users.WINDOWS\Application Data\BOONTY
[29/11/2008 17:23|d--------] C:\Documents and Settings\All Users.WINDOWS\MENUDM~1\PROGRA~1\BoontyGames

+-----------------------| Eorezo Elements Deleted :

"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoEngine"
.
[26/10/2008 19:55|d--------] C:\Documents and Settings\Administrateur.WINDOWS_XP\Application Data\EoRezo

+-----------------------| Everest Poker Elements Deleted :

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

"MyWebSearchService" (service)
.
"HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MyWebSearchService"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MYWEBSEARCHSERVICE"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7}"
.
[11/11/2008 12:46|--a------] C:\PROGRA~1\WINDOW~4\MESSEN~1\riched20.dll
[11/11/2008 12:46|--a------] C:\PROGRA~1\WINDOW~4\MESSEN~1\msimg32.dll

+-----------------------| It's TV Elements Deleted :

.

+-----------------------| Sweetim Elements Deleted :

"HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}"
"HKEY_CLASSES_ROOT\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE.1"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0337C6624F0C5E94F8025AF6F9288257"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D91C9455EF645794DA45B5738EF76F2E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{266C7330-C0F4-49E5-8F20-A56F9F822875}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5549C19D-46FE-4975-AD54-5B37E87FF6E2}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0337C6624F0C5E94F8025AF6F9288257"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D91C9455EF645794DA45B5738EF76F2E"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[18/12/2008 21:40|d--------] C:\Program Files\SweetIM
[22/11/2008 21:24|d--------] C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.

+-----------------------| ADDED SCAN :

+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\x56p5ehg.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.3 ~~~~

Start Page : "http://www.lo.st"

+----------+

+--[HKEY_CURRENT_USER\..\Run]

ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

+--[HKEY_LOCAL_MACHINE\..\Run]

NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
fnp REG_SZ C:\WINDOWS\system32\fnp.exe \j
VirusKeeper REG_SZ C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
!AVG Anti-Spyware REG_SZ "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

+--[HKEY_USERS\.DEFAULT\..\Run]

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://search.conduit.com/?SearchSource=10&ctid=CT1392740

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

+---------------------------------------------------------------------------+

- "C:\AD-report-Clean-21.12.2008.log" (~15020 bytes)

- "C:\AD-report-Scan-21.12.2008.log" (~27407 bytes)

# END at: 11:41:28 | 21/12/2008 - Time elapsed: 6 minutes, 44 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 196 lines ]
+---------------------------------------------------------------------------+
0
Réponse 14 / 60
hinata huga Messages postés 250 Date d'inscription   Statut Membre Dernière intervention   31
 
analyse hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:27, on 21/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Menara\dslmon.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrateur.WINDOWS_XP\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT1392740
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [fnp] C:\WINDOWS\system32\fnp.exe \j
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{41403478-533D-4CB6-BC5D-FC02AC0F2580}: NameServer = 196.217.246.210 212.217.0.13
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
0
Réponse 15 / 60
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
 
Tu as quoi comme antivirus?

Telecharge malwarebytes

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log

Tutoriaux
0
Réponse 16 / 60
hinata huga Messages postés 250 Date d'inscription   Statut Membre Dernière intervention   31
 
j'ai comme antivirus VIRUS KEEPER & AVG anti-spyware
0
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
 
ba bravo avec tout ça ils sont super tes antivirus bravo. tu ferais mieux de changé pour un payant comme kaspersky qui est largement mieux, et pas très cher une vingtaine d'euro.
0
Réponse 17 / 60
hinata huga Messages postés 250 Date d'inscription   Statut Membre Dernière intervention   31
 
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1528
Windows 5.1.2600 Service Pack 2

21/12/2008 15:43:57
mbam-log-2008-12-21 (15-43-46).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 80956
Temps écoulé: 42 minute(s), 42 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 52
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 22

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\alqohrdj (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\alqohrdj (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\alqohrdj (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\alqohrdj (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\Administrateur.WINDOWS_XP\Application Data\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Administrateur.WINDOWS_XP\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Administrateur.WINDOWS_XP\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> No action taken.

Fichier(s) infecté(s):
C:\System Volume Information\_restore{829D906E-DECD-44BD-8153-B1A033F6F3E8}\RP38\A0175770.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{829D906E-DECD-44BD-8153-B1A033F6F3E8}\RP42\A0181855.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{829D906E-DECD-44BD-8153-B1A033F6F3E8}\RP42\A0181858.SCR (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{829D906E-DECD-44BD-8153-B1A033F6F3E8}\RP42\A0183863.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{829D906E-DECD-44BD-8153-B1A033F6F3E8}\RP42\A0183866.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{829D906E-DECD-44BD-8153-B1A033F6F3E8}\RP42\A0183867.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{829D906E-DECD-44BD-8153-B1A033F6F3E8}\RP42\A0183868.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{829D906E-DECD-44BD-8153-B1A033F6F3E8}\RP42\A0183874.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{829D906E-DECD-44BD-8153-B1A033F6F3E8}\RP42\A0183875.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{829D906E-DECD-44BD-8153-B1A033F6F3E8}\RP42\A0183878.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{829D906E-DECD-44BD-8153-B1A033F6F3E8}\RP42\A0183913.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{829D906E-DECD-44BD-8153-B1A033F6F3E8}\RP42\A0183914.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{829D906E-DECD-44BD-8153-B1A033F6F3E8}\RP42\A0183915.scr (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{829D906E-DECD-44BD-8153-B1A033F6F3E8}\RP42\A0183922.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{829D906E-DECD-44BD-8153-B1A033F6F3E8}\RP42\A0183924.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{829D906E-DECD-44BD-8153-B1A033F6F3E8}\RP42\A0183926.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{829D906E-DECD-44BD-8153-B1A033F6F3E8}\RP55\A0280609.dll (Adware.Shopper) -> No action taken.
C:\System Volume Information\_restore{829D906E-DECD-44BD-8153-B1A033F6F3E8}\RP59\A0327818.dll (Adware.MyWebSearch) -> No action taken.
C:\WINDOWS\system32\drivers\alqohrdj.sys (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Administrateur.WINDOWS_XP\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> No action taken.
C:\WINDOWS\system32\Drivers\ndisio.sys (Backdoor.Bot) -> No action taken.
0
Réponse 18 / 60
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
 
ba bravo avec tout ça ils sont super tes antivirus bravo. tu ferais mieux de changé pour un payant comme kaspersky qui est largement mieux, et pas très cher une vingtaine d'euro.

Merci de me mettre un nouvel hijackthis.
0
Réponse 19 / 60
hinata huga Messages postés 250 Date d'inscription   Statut Membre Dernière intervention   31
 
quelle est l'etape suivante, ou c'est fini? merciiiiiiii bcp pour ton aide
0
Réponse 20 / 60
dorgane Messages postés 277 Date d'inscription   Statut Contributeur Dernière intervention   3 298
 
rien na ete supprimé dans ton malware byte la !!!!!!!!!!!

-> No action taken.

supprime la selection !
0
Utilisateur anonyme
 
C'est quoi ca : NO ACTION TAKEN, et pourquoi lui proposer un antivirus payant Il y en a de tres bons gratuits que je saches... Antivir avira ca te dis rien ?
0
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503 > Utilisateur anonyme
 
les antivirus payant c'est bien mieux au moins tu as une assistance en cas de pépin et tu peux toujours contacter quelq'un. kaspersky est considéré comme l'un des meilleurs antivrus. donc c'est celui là que je conseille. elle avait bien avg gratuit et elle à eu plein de virus. moi j'ai kaspersky payant et rien. donc à elle de voir.
0
  • 1
  • 2
  • 3

Discussions similaires

symboles et écritures pour nick msn
Pando -
roro -

20 réponses
Chrome://newtab
Nova -
snoopy35_ -

14 réponses
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses