Eazel

slt rico,
merci d'avoir répondu à mon message. je vais faire les manip et je te recontacte

slt rico, alors voici le rapport que tu m'as demandé


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:06:44, on 17/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Documents and Settings\login\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\lclock.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\DOCUME~1\login\LOCALS~1\Temp\mia3.tmp\DriverScanner_Setup.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asiaflash.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: XBTP03387 - {70F76008-A8D9-4d5f-ABB7-3395612738F8} - C:\PROGRA~1\Humour Toolbar\humour.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: P2P Torrent Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Humour Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\Humour Toolbar\humour.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: P2P Torrent Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow0.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec AntiVirus\VPTray.exe
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\login\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [L'Assistant DartyBox] C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Startup: DriverScanner.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?08ed86c99a6148b58f4f19618aaae21d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?08ed86c99a6148b58f4f19618aaae21d
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Humour Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\Humour Toolbar\humour.dll
O9 - Extra 'Tools' menuitem: Humour Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\Humour Toolbar\humour.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

re,
alors j'ai télécharger toolbar et sur la fenêtre bleue (ou il y a le choix des langues), j'ai cliqué sur F puis entrée et là rien ne s'est passé. dans le menu de l'icône (raccourci) il n'y a pas d'option 1 (recherche) par contre rechercher les virus. qu'est-ce que je fais ?

effectivement, ça a marché.en fait j'ai cliqué sur la lettre au lieu de la tapé.


-----------\\ ToolBar S&D 1.2.8 XP/Vista


"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 17/02/2009| 2:35 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(emmy) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(login) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(login) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.fr/"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"SearchAssistant"="http://search.bearshare.com/sidebar.html?src=ssb"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
"Default_Search_URL"="http://www.google.com/ie"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 17/02/2009| 2:37 - Option : [1]

-----------\\ Fin du rapport a 2:37:24,23

slt rico

merci pour ces informations et tes explications. voici le rapport d'ad-remover

C:\Ad-Report-Scan-17.02.2009.log

rico,

est-ce qu'il faut que je relance ad-remover ? j'ai pourtant suivi la procédure.

re,
voici le rapport


------- LOGFILE OF AD-REMOVER 1.1.1.3 | ONLY XP/VISTA -------

Updated by C_XX on 15/02/2009 at 10:20

Start at: 15:02:59 | Mar 17/02/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Documents and Settings\login\Bureau\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
Computer Name: KOSVOCORE
Current User: login - Administrator
Drive(s):
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 52

+-----------------| Boonty/Boonty Games Elements Found:

Service: Boonty Games
.
HKCR\boontybox
HKCR\CLSID\{aa760512-9bd8-4b1b-9e7a-dd9bbe3cf119}
HKCR\PandoraBoxCtrl.PandoraBoxCtrl
HKCR\PandoraBoxCtrl.PandoraBoxCtrl.1
HKCR\Typelib\{BB8AC401-701B-4ED1-96BB-B84A0FCF5874}
HKCU\Software\Boonty
HKLM\Software\Boonty
HKLM\Software\Classes\boontybox
HKLM\Software\Classes\CLSID\{aa760512-9bd8-4b1b-9e7a-dd9bbe3cf119}
HKLM\Software\Classes\PandoraBoxCtrl.PandoraBoxCtrl
HKLM\Software\Classes\PandoraBoxCtrl.PandoraBoxCtrl.1
HKLM\Software\Classes\Typelib\{BB8AC401-701B-4ED1-96BB-B84A0FCF5874}
HKLM\System\ControlSet001\Services\Boonty Games
HKLM\System\ControlSet002\Enum\Root\LEGACY_BOONTY_GAMES
HKLM\System\ControlSet002\Services\Boonty Games
HKLM\System\CurrentControlSet\Services\Boonty Games
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C23587D9-1415-4042-9B3D-43118A4334C7}_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C23587D9-1415-4042-9B3D-43118A4334C7}_is1
.
C:\WINDOWS\System32\PandoraCtrl.dll
C:\WINDOWS\System32\PandoraCtrl2.dll
C:\Program Files\Boonty
C:\Program Files\Boonty\BoontyBox
C:\Program Files\Boonty\Components
C:\Program Files\Boonty\BoontyBox\CsaFiles
C:\Program Files\Boonty\BoontyBox\Data
C:\Program Files\Boonty\BoontyBox\Html
C:\Program Files\Boonty\BoontyBox\Languages
C:\Program Files\Boonty\BoontyBox\Medias
C:\Program Files\Boonty\BoontyBox\Skins
C:\Program Files\Boonty\BoontyBox\Temp
C:\Program Files\Boonty\BoontyBox\CsaFiles\NewShell
C:\Program Files\Boonty\BoontyBox\CsaFiles\OldShell
C:\Program Files\Boonty\BoontyBox\Skins\Classic
C:\Program Files\Boonty\BoontyBox\Skins\Dark
C:\Program Files\Boonty\BoontyBox\Skins\Silver
C:\Program Files\BoontyGames
C:\Program Files\BoontyGames\Components
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses
C:\Documents and Settings\All Users\Menudm~1\Progra~1\BoontyGames
C:\DOCUME~1\login\LOCALS~1\Temp\BoontyGames.0001

+-----------------| Eorezo Elements Found:

HKCR\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKCR\AppID\EoRezoBHO.DLL
HKCR\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Typelib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKCU\Software\EoRezo
HKLM\Software\EoRezo
HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKLM\Software\Classes\AppID\EoRezoBHO.DLL
HKLM\Software\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Softwarehelper
.
C:\Program Files\EoRezo
C:\Program Files\EoRezo\EoAdv
C:\Program Files\EoRezo\lang
C:\Documents and Settings\login\Application Data\EoRezo
C:\Documents and Settings\login\Application Data\EoRezo\db
C:\Documents and Settings\login\Application Data\EoRezo\eoDesktop
C:\Documents and Settings\login\Application Data\EoRezo\SoftwareUpdate
C:\DOCUME~1\login\LOCALS~1\Temp\is-7DLEG.tmp\EoRezo
C:\Documents and Settings\emmy\Application Data\Eorezo
C:\Documents and Settings\emmy\Application Data\Eorezo\db
C:\Documents and Settings\emmy\Application Data\Eorezo\eoDesktop
C:\Documents and Settings\login\Cookies\login@ads.eorezo[2].txt
C:\Documents and Settings\login\Cookies\login@eorezo[2].txt
C:\Documents and Settings\emmy\Cookies\emmy@eorezo[1].txt
C:\Documents and Settings\emmy\Cookies\emmy@soft.eorezo[1].txt

+-----------------| Infected Poker Softwares Elements Found:

HKCU\Software\Titan Poker
HKLM\Software\Titan Poker
HKLM\Software\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker
HKU\S-1-5-21-329068152-1390067357-725345543-1001\Software\Titan Poker
.
C:\Poker\Titan Poker
C:\Poker\Titan Poker\data
C:\Poker\Titan Poker\data\blackjack
C:\Poker\Titan Poker\data\lobby
C:\Poker\Titan Poker\data\poker_caribbean
C:\Poker\Titan Poker\data\poker_holdem
C:\Poker\Titan Poker\data\poker_paigow
C:\Poker\Titan Poker\data\poker_tequila
C:\Poker\Titan Poker\data\roulette
C:\Poker\Titan Poker\data\shared
C:\Poker\Titan Poker\data\slots_globaltraveler20line
C:\Poker\Titan Poker\data\slots_gold8line
C:\Poker\Titan Poker\data\slots_millionaireslane20line
C:\Poker\Titan Poker\data\table
C:\Poker\Titan Poker\data\videopoker_4deuceswild
C:\Poker\Titan Poker\data\videopoker_deuceswild
C:\Poker\Titan Poker\data\videopoker_jacks
C:\Poker\Titan Poker\data\lobby\buttons
C:\Poker\Titan Poker\data\lobby\dialogs
C:\Poker\Titan Poker\data\lobby\login
C:\Poker\Titan Poker\data\lobby\sidegames
C:\Poker\Titan Poker\data\lobby\tables
C:\Poker\Titan Poker\data\lobby\waitinglist
C:\Poker\Titan Poker\data\roulette\3d
C:\Poker\Titan Poker\data\roulette\buttons
C:\Poker\Titan Poker\data\roulette\sounds
C:\Poker\Titan Poker\data\roulette\zoom
C:\Poker\Titan Poker\data\shared\9line
C:\Poker\Titan Poker\data\shared\blackjack
C:\Poker\Titan Poker\data\shared\buttons
C:\Poker\Titan Poker\data\shared\cards
C:\Poker\Titan Poker\data\shared\coins
C:\Poker\Titan Poker\data\shared\dollarball
C:\Poker\Titan Poker\data\shared\doublescreen
C:\Poker\Titan Poker\data\shared\fonts
C:\Poker\Titan Poker\data\shared\history
C:\Poker\Titan Poker\data\shared\html
C:\Poker\Titan Poker\data\shared\interface
C:\Poker\Titan Poker\data\shared\options
C:\Poker\Titan Poker\data\shared\sounds
C:\Poker\Titan Poker\data\shared\tablegames
C:\Poker\Titan Poker\data\shared\tablesigns
C:\Poker\Titan Poker\data\shared\ui
C:\Poker\Titan Poker\data\shared\videopoker_4line
C:\Poker\Titan Poker\data\shared\videopoker_deuces
C:\Poker\Titan Poker\data\shared\videopoker_jacks
C:\Poker\Titan Poker\data\shared\cards\poker
C:\Poker\Titan Poker\data\shared\cards\textures
C:\Poker\Titan Poker\data\shared\coins\tablecoins
C:\Poker\Titan Poker\data\shared\dollarball\sounds
C:\Poker\Titan Poker\data\shared\history\cards
C:\Poker\Titan Poker\data\shared\html\chat
C:\Poker\Titan Poker\data\shared\html\chat\emoticons
C:\Poker\Titan Poker\data\shared\interface\chat
C:\Poker\Titan Poker\data\shared\sounds\dealervoices
C:\Poker\Titan Poker\data\shared\sounds\playersounds
C:\Poker\Titan Poker\data\shared\sounds\dealervoices\numbers
C:\Poker\Titan Poker\data\shared\sounds\playersounds\baseballer
C:\Poker\Titan Poker\data\shared\sounds\playersounds\blackdude
C:\Poker\Titan Poker\data\shared\sounds\playersounds\bond
C:\Poker\Titan Poker\data\shared\sounds\playersounds\cowboy
C:\Poker\Titan Poker\data\shared\sounds\playersounds\frenchgirl
C:\Poker\Titan Poker\data\shared\sounds\playersounds\frenchman
C:\Poker\Titan Poker\data\shared\sounds\playersounds\mafiaguy
C:\Poker\Titan Poker\data\shared\sounds\playersounds\olderbusinesswoman
C:\Poker\Titan Poker\data\shared\sounds\playersounds\oldtourist
C:\Poker\Titan Poker\data\shared\sounds\playersounds\valleygirl
C:\Poker\Titan Poker\data\shared\tablegames\silver_bright
C:\Poker\Titan Poker\data\shared\videopoker_4line\buttons
C:\Poker\Titan Poker\data\slots_globaltraveler20line\animation
C:\Poker\Titan Poker\data\slots_globaltraveler20line\betlines
C:\Poker\Titan Poker\data\slots_globaltraveler20line\bonus
C:\Poker\Titan Poker\data\slots_globaltraveler20line\sounds
C:\Poker\Titan Poker\data\slots_globaltraveler20line\wintable
C:\Poker\Titan Poker\data\slots_gold8line\bonus
C:\Poker\Titan Poker\data\slots_gold8line\fonts
C:\Poker\Titan Poker\data\slots_gold8line\sounds
C:\Poker\Titan Poker\data\slots_gold8line\wintable
C:\Poker\Titan Poker\data\slots_gold8line\bonus\screen
C:\Poker\Titan Poker\data\slots_millionaireslane20line\animation
C:\Poker\Titan Poker\data\slots_millionaireslane20line\bonusgame
C:\Poker\Titan Poker\data\slots_millionaireslane20line\sounds
C:\Poker\Titan Poker\data\slots_millionaireslane20line\wintable
C:\Poker\Titan Poker\data\table\3d
C:\Poker\Titan Poker\data\table\anim
C:\Poker\Titan Poker\data\table\chat
C:\Poker\Titan Poker\data\table\smallview
C:\Poker\Titan Poker\data\table\topview
C:\Poker\Titan Poker\data\table\chat\cards
C:\Poker\Titan Poker\data\table\smallview\anim
C:\Poker\Titan Poker\data\table\smallview\buttons
C:\Poker\Titan Poker\data\table\smallview\chat
C:\Poker\Titan Poker\data\table\smallview\coins
C:\Poker\Titan Poker\data\table\smallview\chat\chat_bottom
C:\Poker\Titan Poker\data\table\topview\anim
C:\Poker\Titan Poker\data\table\topview\avatars
C:\Poker\Titan Poker\data\table\topview\buttons
C:\Poker\Titan Poker\data\table\topview\cards
C:\Poker\Titan Poker\data\table\topview\chat
C:\Poker\Titan Poker\data\table\topview\coins
C:\Poker\Titan Poker\data\table\topview\dialogs
C:\Poker\Titan Poker\data\table\topview\history
C:\Poker\Titan Poker\data\table\topview\chat\chat_bottom
C:\Poker\Titan Poker\data\table\topview\chat\chat_side
C:\Documents and Settings\login\Application Data\Microsoft\Internet Explorer\Quick Launch\Titan Poker.lnk

+-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

.
.

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

.

+-----------------| Added Scan:

---- Mozilla FireFox Version 2.0.0.20 ----

ProfilePath: lm3cdlep.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Google"
Prefs.js: Browser.Search.SelectedEngine: "Eazel-FR Customized Web Search"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2095689&SearchSource=3&q="
.
.
.
.
.

---- Internet Explorer Version 6.0.2900.2180 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

SearchAssistant: hxxp://search.bearshare.com/sidebar.html?src=ssb
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://www.google.fr/

+-[HKEY_USERS\S-1-5-21-329068152-1390067357-725345543-1001\..\Internet Explorer\Main]

SearchAssistant: hxxp://search.bearshare.com/sidebar.html?src=ssb
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://www.google.fr/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.google.com/ie
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://y.lo.st

+---------------------------------------------------------------------------+

[~11663 Bytes] - "C:\Ad-Report-Scan-17.02.2009.log"
-

End at: 15:05:09 | 17/02/2009
.
+-----------------| E.O.F - 244 Lines
.

------- LOGFILE OF AD-REMOVER 1.1.1.3 | ONLY XP/VISTA -------

Updated by C_XX on 15/02/2009 at 10:20

Start at: 15:02:59 | Mar 17/02/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Documents and Settings\login\Bureau\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
Computer Name: KOSVOCORE
Current User: login - Administrator
Drive(s):
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 52

+-----------------| Boonty/Boonty Games Elements Found:

Service: Boonty Games
.
HKCR\boontybox
HKCR\CLSID\{aa760512-9bd8-4b1b-9e7a-dd9bbe3cf119}
HKCR\PandoraBoxCtrl.PandoraBoxCtrl
HKCR\PandoraBoxCtrl.PandoraBoxCtrl.1
HKCR\Typelib\{BB8AC401-701B-4ED1-96BB-B84A0FCF5874}
HKCU\Software\Boonty
HKLM\Software\Boonty
HKLM\Software\Classes\boontybox
HKLM\Software\Classes\CLSID\{aa760512-9bd8-4b1b-9e7a-dd9bbe3cf119}
HKLM\Software\Classes\PandoraBoxCtrl.PandoraBoxCtrl
HKLM\Software\Classes\PandoraBoxCtrl.PandoraBoxCtrl.1
HKLM\Software\Classes\Typelib\{BB8AC401-701B-4ED1-96BB-B84A0FCF5874}
HKLM\System\ControlSet001\Services\Boonty Games
HKLM\System\ControlSet002\Enum\Root\LEGACY_BOONTY_GAMES
HKLM\System\ControlSet002\Services\Boonty Games
HKLM\System\CurrentControlSet\Services\Boonty Games
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C23587D9-1415-4042-9B3D-43118A4334C7}_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C23587D9-1415-4042-9B3D-43118A4334C7}_is1
.
C:\WINDOWS\System32\PandoraCtrl.dll
C:\WINDOWS\System32\PandoraCtrl2.dll
C:\Program Files\Boonty
C:\Program Files\Boonty\BoontyBox
C:\Program Files\Boonty\Components
C:\Program Files\Boonty\BoontyBox\CsaFiles
C:\Program Files\Boonty\BoontyBox\Data
C:\Program Files\Boonty\BoontyBox\Html
C:\Program Files\Boonty\BoontyBox\Languages
C:\Program Files\Boonty\BoontyBox\Medias
C:\Program Files\Boonty\BoontyBox\Skins
C:\Program Files\Boonty\BoontyBox\Temp
C:\Program Files\Boonty\BoontyBox\CsaFiles\NewShell
C:\Program Files\Boonty\BoontyBox\CsaFiles\OldShell
C:\Program Files\Boonty\BoontyBox\Skins\Classic
C:\Program Files\Boonty\BoontyBox\Skins\Dark
C:\Program Files\Boonty\BoontyBox\Skins\Silver
C:\Program Files\BoontyGames
C:\Program Files\BoontyGames\Components
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses
C:\Documents and Settings\All Users\Menudm~1\Progra~1\BoontyGames
C:\DOCUME~1\login\LOCALS~1\Temp\BoontyGames.0001

+-----------------| Eorezo Elements Found:

HKCR\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKCR\AppID\EoRezoBHO.DLL
HKCR\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Typelib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKCU\Software\EoRezo
HKLM\Software\EoRezo
HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKLM\Software\Classes\AppID\EoRezoBHO.DLL
HKLM\Software\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Softwarehelper
.
C:\Program Files\EoRezo
C:\Program Files\EoRezo\EoAdv
C:\Program Files\EoRezo\lang
C:\Documents and Settings\login\Application Data\EoRezo
C:\Documents and Settings\login\Application Data\EoRezo\db
C:\Documents and Settings\login\Application Data\EoRezo\eoDesktop
C:\Documents and Settings\login\Application Data\EoRezo\SoftwareUpdate
C:\DOCUME~1\login\LOCALS~1\Temp\is-7DLEG.tmp\EoRezo
C:\Documents and Settings\emmy\Application Data\Eorezo
C:\Documents and Settings\emmy\Application Data\Eorezo\db
C:\Documents and Settings\emmy\Application Data\Eorezo\eoDesktop
C:\Documents and Settings\login\Cookies\login@ads.eorezo[2].txt
C:\Documents and Settings\login\Cookies\login@eorezo[2].txt
C:\Documents and Settings\emmy\Cookies\emmy@eorezo[1].txt
C:\Documents and Settings\emmy\Cookies\emmy@soft.eorezo[1].txt

+-----------------| Infected Poker Softwares Elements Found:

HKCU\Software\Titan Poker
HKLM\Software\Titan Poker
HKLM\Software\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker
HKU\S-1-5-21-329068152-1390067357-725345543-1001\Software\Titan Poker
.
C:\Poker\Titan Poker
C:\Poker\Titan Poker\data
C:\Poker\Titan Poker\data\blackjack
C:\Poker\Titan Poker\data\lobby
C:\Poker\Titan Poker\data\poker_caribbean
C:\Poker\Titan Poker\data\poker_holdem
C:\Poker\Titan Poker\data\poker_paigow
C:\Poker\Titan Poker\data\poker_tequila
C:\Poker\Titan Poker\data\roulette
C:\Poker\Titan Poker\data\shared
C:\Poker\Titan Poker\data\slots_globaltraveler20line
C:\Poker\Titan Poker\data\slots_gold8line
C:\Poker\Titan Poker\data\slots_millionaireslane20line
C:\Poker\Titan Poker\data\table
C:\Poker\Titan Poker\data\videopoker_4deuceswild
C:\Poker\Titan Poker\data\videopoker_deuceswild
C:\Poker\Titan Poker\data\videopoker_jacks
C:\Poker\Titan Poker\data\lobby\buttons
C:\Poker\Titan Poker\data\lobby\dialogs
C:\Poker\Titan Poker\data\lobby\login
C:\Poker\Titan Poker\data\lobby\sidegames
C:\Poker\Titan Poker\data\lobby\tables
C:\Poker\Titan Poker\data\lobby\waitinglist
C:\Poker\Titan Poker\data\roulette\3d
C:\Poker\Titan Poker\data\roulette\buttons
C:\Poker\Titan Poker\data\roulette\sounds
C:\Poker\Titan Poker\data\roulette\zoom
C:\Poker\Titan Poker\data\shared\9line
C:\Poker\Titan Poker\data\shared\blackjack
C:\Poker\Titan Poker\data\shared\buttons
C:\Poker\Titan Poker\data\shared\cards
C:\Poker\Titan Poker\data\shared\coins
C:\Poker\Titan Poker\data\shared\dollarball
C:\Poker\Titan Poker\data\shared\doublescreen
C:\Poker\Titan Poker\data\shared\fonts
C:\Poker\Titan Poker\data\shared\history
C:\Poker\Titan Poker\data\shared\html
C:\Poker\Titan Poker\data\shared\interface
C:\Poker\Titan Poker\data\shared\options
C:\Poker\Titan Poker\data\shared\sounds
C:\Poker\Titan Poker\data\shared\tablegames
C:\Poker\Titan Poker\data\shared\tablesigns
C:\Poker\Titan Poker\data\shared\ui
C:\Poker\Titan Poker\data\shared\videopoker_4line
C:\Poker\Titan Poker\data\shared\videopoker_deuces
C:\Poker\Titan Poker\data\shared\videopoker_jacks
C:\Poker\Titan Poker\data\shared\cards\poker
C:\Poker\Titan Poker\data\shared\cards\textures
C:\Poker\Titan Poker\data\shared\coins\tablecoins
C:\Poker\Titan Poker\data\shared\dollarball\sounds
C:\Poker\Titan Poker\data\shared\history\cards
C:\Poker\Titan Poker\data\shared\html\chat
C:\Poker\Titan Poker\data\shared\html\chat\emoticons
C:\Poker\Titan Poker\data\shared\interface\chat
C:\Poker\Titan Poker\data\shared\sounds\dealervoices
C:\Poker\Titan Poker\data\shared\sounds\playersounds
C:\Poker\Titan Poker\data\shared\sounds\dealervoices\numbers
C:\Poker\Titan Poker\data\shared\sounds\playersounds\baseballer
C:\Poker\Titan Poker\data\shared\sounds\playersounds\blackdude
C:\Poker\Titan Poker\data\shared\sounds\playersounds\bond
C:\Poker\Titan Poker\data\shared\sounds\playersounds\cowboy
C:\Poker\Titan Poker\data\shared\sounds\playersounds\frenchgirl
C:\Poker\Titan Poker\data\shared\sounds\playersounds\frenchman
C:\Poker\Titan Poker\data\shared\sounds\playersounds\mafiaguy
C:\Poker\Titan Poker\data\shared\sounds\playersounds\olderbusinesswoman
C:\Poker\Titan Poker\data\shared\sounds\playersounds\oldtourist
C:\Poker\Titan Poker\data\shared\sounds\playersounds\valleygirl
C:\Poker\Titan Poker\data\shared\tablegames\silver_bright
C:\Poker\Titan Poker\data\shared\videopoker_4line\buttons
C:\Poker\Titan Poker\data\slots_globaltraveler20line\animation
C:\Poker\Titan Poker\data\slots_globaltraveler20line\betlines
C:\Poker\Titan Poker\data\slots_globaltraveler20line\bonus
C:\Poker\Titan Poker\data\slots_globaltraveler20line\sounds
C:\Poker\Titan Poker\data\slots_globaltraveler20line\wintable
C:\Poker\Titan Poker\data\slots_gold8line\bonus
C:\Poker\Titan Poker\data\slots_gold8line\fonts
C:\Poker\Titan Poker\data\slots_gold8line\sounds
C:\Poker\Titan Poker\data\slots_gold8line\wintable
C:\Poker\Titan Poker\data\slots_gold8line\bonus\screen
C:\Poker\Titan Poker\data\slots_millionaireslane20line\animation
C:\Poker\Titan Poker\data\slots_millionaireslane20line\bonusgame
C:\Poker\Titan Poker\data\slots_millionaireslane20line\sounds
C:\Poker\Titan Poker\data\slots_millionaireslane20line\wintable
C:\Poker\Titan Poker\data\table\3d
C:\Poker\Titan Poker\data\table\anim
C:\Poker\Titan Poker\data\table\chat
C:\Poker\Titan Poker\data\table\smallview
C:\Poker\Titan Poker\data\table\topview
C:\Poker\Titan Poker\data\table\chat\cards
C:\Poker\Titan Poker\data\table\smallview\anim
C:\Poker\Titan Poker\data\table\smallview\buttons
C:\Poker\Titan Poker\data\table\smallview\chat
C:\Poker\Titan Poker\data\table\smallview\coins
C:\Poker\Titan Poker\data\table\smallview\chat\chat_bottom
C:\Poker\Titan Poker\data\table\topview\anim
C:\Poker\Titan Poker\data\table\topview\avatars
C:\Poker\Titan Poker\data\table\topview\buttons
C:\Poker\Titan Poker\data\table\topview\cards
C:\Poker\Titan Poker\data\table\topview\chat
C:\Poker\Titan Poker\data\table\topview\coins
C:\Poker\Titan Poker\data\table\topview\dialogs
C:\Poker\Titan Poker\data\table\topview\history
C:\Poker\Titan Poker\data\table\topview\chat\chat_bottom
C:\Poker\Titan Poker\data\table\topview\chat\chat_side
C:\Documents and Settings\login\Application Data\Microsoft\Internet Explorer\Quick Launch\Titan Poker.lnk

+-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

.
.

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

.

+-----------------| Added Scan:

---- Mozilla FireFox Version 2.0.0.20 ----

ProfilePath: lm3cdlep.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Google"
Prefs.js: Browser.Search.SelectedEngine: "Eazel-FR Customized Web Search"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2095689&SearchSource=3&q="
.
.
.
.
.

---- Internet Explorer Version 6.0.2900.2180 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

SearchAssistant: hxxp://search.bearshare.com/sidebar.html?src=ssb
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://www.google.fr/

+-[HKEY_USERS\S-1-5-21-329068152-1390067357-725345543-1001\..\Internet Explorer\Main]

SearchAssistant: hxxp://search.bearshare.com/sidebar.html?src=ssb
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://www.google.fr/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.google.com/ie
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://y.lo.st

+---------------------------------------------------------------------------+

[~11663 Bytes] - "C:\Ad-Report-Scan-17.02.2009.log"
-

End at: 15:05:09 | 17/02/2009
.
+-----------------| E.O.F - 244 Lines
.

oui dsl


------- LOGFILE OF AD-REMOVER 1.1.1.3 | ONLY XP/VISTA -------

Updated by C_XX on 15/02/2009 at 10:20

*** LIMITED TO ***

Boonty/BoontyGames
Eorezo
Infected Poker Softwares
FunWebProduct/MyWay/MyWebSearch
It's TV
Sweetim

******************

Start at: 17:37:38 | Mar 17/02/2009 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Documents and Settings\login\Bureau\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
Computer Name: KOSVOCORE
Current User: login - Administrator
Drive(s):
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 52

(!) ---- IE start pages/Tabs reset

+--------------------| Boonty/Boonty Games Elements Deleted :

Service: "Boonty Games"
.
HKCR\boontybox
HKCR\CLSID\{aa760512-9bd8-4b1b-9e7a-dd9bbe3cf119}
HKCR\PandoraBoxCtrl.PandoraBoxCtrl
HKCR\PandoraBoxCtrl.PandoraBoxCtrl.1
HKCR\Typelib\{BB8AC401-701B-4ED1-96BB-B84A0FCF5874}
HKCU\Software\Boonty
HKLM\Software\Boonty
HKLM\System\ControlSet002\Enum\Root\LEGACY_BOONTY_GAMES
HKLM\System\ControlSet002\Services\Boonty Games
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C23587D9-1415-4042-9B3D-43118A4334C7}_is1
.
C:\WINDOWS\System32\PandoraCtrl.dll
C:\WINDOWS\System32\PandoraCtrl2.dll
C:\Program Files\Boonty
C:\Program Files\BoontyGames
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Documents and Settings\All Users\Application Data\Gogii\BabySitting\Boonty
C:\Documents and Settings\All Users\Menudm~1\Progra~1\BoontyGames
C:\DOCUME~1\login\LOCALS~1\Temp\BoontyGames.0001

+-----------------| Eorezo Elements Deleted :

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Softwarehelper
HKCR\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKCR\AppID\EoRezoBHO.DLL
HKCR\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Typelib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKCU\Software\EoRezo
HKLM\Software\EoRezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
.
C:\Program Files\EoRezo
C:\Documents and Settings\login\Application Data\EoRezo
C:\DOCUME~1\login\LOCALS~1\Temp\is-7DLEG.tmp\EoRezo
C:\Documents and Settings\emmy\Application Data\Eorezo
C:\Documents and Settings\login\Cookies\login@ads.eorezo[2].txt
C:\Documents and Settings\login\Cookies\login@eorezo[1].txt
C:\Documents and Settings\emmy\Cookies\emmy@eorezo[2].txt
C:\Documents and Settings\emmy\Cookies\emmy@soft.eorezo[1].txt

+-----------------| Infected Poker Softwares Elements Deleted :

HKCU\Software\Titan Poker
HKLM\Software\Titan Poker
HKLM\Software\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker
.
C:\Poker\Titan Poker
C:\Documents and Settings\login\Application Data\Microsoft\Internet Explorer\Quick Launch\Titan Poker.lnk

+-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

.
.

+-----------------| It's TV Elements Deleted :

.

+-----------------| Sweetim Elements Deleted :

.

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+-----------------| Added Scan :

---- Mozilla FireFox Version 2.0.0.20 ----

ProfilePath: lm3cdlep.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Google"
Prefs.js: Browser.Search.SelectedEngine: "Eazel-FR Customized Web Search"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2095689&SearchSource=3&q="
.
.
.
.
.

---- Internet Explorer Version 6.0.2900.2180 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchAssistant: hxxp://search.bearshare.com/sidebar.html?src=ssb
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_USERS\S-1-5-21-329068152-1390067357-725345543-1001\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchAssistant: hxxp://search.bearshare.com/sidebar.html?src=ssb
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~5470 Bytes] - "C:\Ad-Report-Clean-17.02.2009.log"
[~11797 Bytes] - "C:\Ad-Report-Scan-17.02.2009.log"
-
C:\Documents and Settings\login\Bureau\TOOLS\BACKUP\17.02.2009 - Prefs.js

End at: 17:41:11 | 17/02/2009
.
+-----------------| E.O.F - 120 Lines
.

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1770
Windows 5.1.2600 Service Pack 2

17/02/2009 18:27:33
mbam-log-2009-02-17 (18-27-33).txt

Type de recherche: Examen rapide
Eléments examinés: 62880
Temps écoulé: 4 minute(s), 58 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\xbtb03387.ietoolbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{01d4fef7-2313-4999-86ef-cc06e0daff2b} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{70f76008-a8d9-4d5f-abb7-3395612738f8} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{70f76008-a8d9-4d5f-abb7-3395612738f8} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70f76008-a8d9-4d5f-abb7-3395612738f8} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb03387.ietoolbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb03387.xbtb03387 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb03387.xbtb03387.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xbtb03387.xbtb03387toolbar (Adware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Humour Toolbar\humour.dll (Adware.SoftMate) -> Quarantined and deleted successfully.

slt rico,
j'ai tetecharge cleeaner et tu m'as dis de décocher la ligne "cache de l'arrangement du menu" mais elle est déjà décochée. je fais quoi ?

c'est quoi ces rapports???!! je te remercie infiniment pour ta patience et ton aide. voici le premier

Logfile of random's system information tool 1.05 (written by random/random)
Run by login at 2009-02-18 15:40:47
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 39 GB (77%) free of 50 GB
Total RAM: 255 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:40:52, on 18/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\login\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\login.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asiaflash.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: P2P Torrent Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: P2P Torrent Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow0.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec AntiVirus\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [L'Assistant DartyBox] C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Startup: DriverScanner.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?08ed86c99a6148b58f4f19618aaae21d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?08ed86c99a6148b58f4f19618aaae21d
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

et le 2ème

info.txt logfile of random's system information tool 1.05 2009-02-18 15:39:48

======Uninstall list======

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe® Photoshop® Album Edition Découverte 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Ad-remover-->C:\Documents and Settings\login\Bureau\Uninstal.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe"
Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{4002F73D-EBB3-4EA1-A2FF-DBCB4529759E}
BearShare-->C:\Program Files\BearShare Applications\BearShare\UninstallSurvey.exe C:\PROGRA~1\BearShare Applications\BearShare\UNWISE.EXE C:\PROGRA~1\BearShare Applications\BearShare\INSTALL.LOG
Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{51F366F4-C2E4-429A-866A-59C885ED42FD}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Coffret de pilotes Logitech Legacy USB Camera-->"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\legacyqcam\10.40.1235\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_10.40" /clone_wait /hide_progress
Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]-->C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe
DartyBox-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4A975AC1-1E5B-43B7-B42B-6E617B39C936}\setup.exe" -l0x40c
Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{175B7C4A-CAF8-437A-B597-73E0D2D970FE}
download-boosters Toolbar-->C:\PROGRA~1\download-boosters\UNWISE.EXE C:\PROGRA~1\download-boosters\INSTALL.LOG
eBay Toolbar-->C:\Program Files\InstallShield Installation Information\{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}\setup.exe -runfromtemp -l0x040c eBay Toolbar -removeonly
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{D518AD32-C710-4616-BA0D-D4B1FA5F82E8}
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
L'Assistant DartyBox-->C:\Program Files\Assistant Dartybox\L'Assistant DartyBox Uninstaller.exe
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\Professional\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{3585ED1C-74C5-43B0-A232-831B96A12A2B}
Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Navigation par onglets (Windows Live Toolbar)-->MsiExec.exe /X{E74559C2-BB47-45AD-83DD-0D66B67E7811}
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{F242B06B-517F-4D62-B654-16B11564A912}
OpenOffice.org 2.4-->MsiExec.exe /I{1E0FF527-971B-4BBF-83D1-987E8DEE437D}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_9171.exe" _?=C:\Program Files\PDFCreator Toolbar
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\Professional\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
Samsung PC Studio-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\Professional\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Spider-->"C:\Program Files\Spider\unins000.exe"
Symantec AntiVirus-->MsiExec.exe /I{3248E093-5288-4CA9-B3AB-11A675FEA1F9}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {05AE605F-3146-46ED-BC52-0A14EBF57962}
Windows Live Toolbar-->MsiExec.exe /X{05AE605F-3146-46ED-BC52-0A14EBF57962}

======Security center information======

AV: Symantec AntiVirus Corporate Edition

System event log

Computer Name: KOSVOCORE
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.

Record Number: 47302
Source Name: Service Control Manager
Time Written: 20090113170151.000000+060
Event Type: Informations
User:

Computer Name: KOSVOCORE
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

Record Number: 47301
Source Name: Service Control Manager
Time Written: 20090113170151.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: KOSVOCORE
Event Code: 7036
Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.

Record Number: 47300
Source Name: Service Control Manager
Time Written: 20090113170151.000000+060
Event Type: Informations
User:

Computer Name: KOSVOCORE
Event Code: 7036
Message: Le service Explorateur d'ordinateur est entré dans l'état : en cours d'exécution.

Record Number: 47299
Source Name: Service Control Manager
Time Written: 20090113170151.000000+060
Event Type: Informations
User:

Computer Name: KOSVOCORE
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Explorateur d'ordinateur.

Record Number: 47298
Source Name: Service Control Manager
Time Written: 20090113170151.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Application event log

Computer Name: KOSVOCORE
Event Code: 0
Message:
Record Number: 75434
Source Name: gusvc
Time Written: 20090211211915.000000+060
Event Type: Informations
User:

Computer Name: KOSVOCORE
Event Code: 35
Message: Le service 'Symantec Event Manager' a démarré.

Record Number: 75433
Source Name: ccEvtMgr
Time Written: 20090211211907.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: KOSVOCORE
Event Code: 34
Message: Le service Symantec Event Manager démarre.

Record Number: 75432
Source Name: ccEvtMgr
Time Written: 20090211211906.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: KOSVOCORE
Event Code: 35
Message: Le service 'Symantec Settings Manager' a démarré.

Record Number: 75431
Source Name: ccSetMgr
Time Written: 20090211211905.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: KOSVOCORE
Event Code: 34
Message: Le service Symantec Settings Manager démarre.

Record Number: 75430
Source Name: ccSetMgr
Time Written: 20090211211905.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 0 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=000a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEVMGR_SHOW_DETAILS"=1
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip

-----------------EOF-----------------

rico,

je n'ai pas eu le rapport d'hijackthis et quand j'ouvre firefox, il y a tjs eazel qui s'affiche avec cette adresse :

http://search.conduit.com/?ctid=CT2095689&SearchSource=13

j'ai beau configurer l'adresse internet ds le panneau de confi. , eazel revient à chaque fois que j'ouvre firefox

j'ai rechercher eazel (je l'avais déjà fait) et rien trouvé. pas de résultat. voici le rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:53, on 18/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\lclock.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asiaflash.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: P2P Torrent Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: P2P Torrent Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow0.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec AntiVirus\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [L'Assistant DartyBox] C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Startup: DriverScanner.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?08ed86c99a6148b58f4f19618aaae21d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?08ed86c99a6148b58f4f19618aaae21d
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

oui j'ai déjà chercher dans "outils" et en plus je n'ai pas les cases que tu m'as dis de cocher. tant pis. encore une fois merci beaucoup pour ton aide et bonne fin de journée