
Eazel

Last reply on 18 Feb 2009 at 18:07:47
elm, 16 Feb 2009 at 21:17:35

Hello,
my PC is slow. It is so slow that I have time to do something else before it moves on to the next thing. So I wanted to install SpeedUpMyPc. I don't know if I did something wrong, but not only is it still slow, I also installed eazel and I can't get it off the home page any more, even when setting the internet address in the control panel. It is part of the Google page (I have Firefox). How do I remove it?

Configuration: Windows XP
Firefox 2.0.0.20

1

ric025, 16 Feb 2009 at 21:36:54

Hi!

Can you do this please:

Download HIJACKTHIS

Everything is explained there for installing it properly and learning how to use it.

How to copy/paste the report:

When the report is on screen, press Ctrl A to "select all", then Ctrl C to "copy".

Then come back to the forum to reply to me and press Ctrl V to "paste" the report.

The keyboard shortcuts are explained with illustrations on this website (thanks to Geoffrey5):

http://forum-aide-contre-virus.be/divers.html

See you ;)

2

elm, 16 Feb 2009 at 23:39:25

Hi rico,
thanks for replying to my message. I'll go through the steps and get back to you

3

elm, 17 Feb 2009 at 00:09:00

Hi rico, here is the report you asked for


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:06:44, on 17/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Documents and Settings\login\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\lclock.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\DOCUME~1\login\LOCALS~1\Temp\mia3.tmp\DriverScanner_Setup.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asiaflash.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: XBTP03387 - {70F76008-A8D9-4d5f-ABB7-3395612738F8} - C:\PROGRA~1\Humour Toolbar\humour.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: P2P Torrent Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Humour Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\Humour Toolbar\humour.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: P2P Torrent Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow0.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec AntiVirus\VPTray.exe
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\login\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [L'Assistant DartyBox] C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Startup: DriverScanner.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?08ed86c99a6148b58f4f19618aaae21d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?08ed86c99a6148b58f4f19618aaae21d
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Humour Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\Humour Toolbar\humour.dll
O9 - Extra 'Tools' menuitem: Humour Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\Humour Toolbar\humour.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
End of file - 13485 bytes

4

ric025, 17 Feb 2009 at 00:13:55

Good!

Start with this:

Download Toolbar-S&D (Team IDN) to your Desktop.

http://eric.71.mespages.googlepages.com/ToolBarSD.exe

Start the installation by running the downloaded file.
Now double-click the Toolbar-S&D shortcut.
Select the language you want by typing the letter of your choice and confirming with the Enter key.
Now choose option 1 (Search). Wait until the search finishes.

Post the generated report. (C:\TB.txt)

See you

5

elm, 17 Feb 2009 at 02:06:27

Hi again,
so I downloaded toolbar, and in the blue window (where the language choice is) I clicked on F then Enter, and nothing happened. In the menu of the icon (shortcut) there is no option 1 (search), but there is "scan for viruses". What do I do?

6

ric025, 17 Feb 2009 at 02:29:15

OK! Delete toolbar and download it again.

I've just tested it, it works perfectly.

Launch it, a blue window opens, you choose the language you want. You type f and then Enter. You wait a little; the tool will warn you that there is a risk of finding FPs (false positives). You click "YES" and a second blue window will open. You type 1 then Enter and wait while the scan runs.

At worst, if it really doesn't work, disable your protections for the duration of the scan.

See you

7

elm, 17 Feb 2009 at 02:35:11

Indeed, it worked. In fact I had clicked on the letter instead of typing it.


-----------\\ ToolBar S&D 1.2.8 XP/Vista


"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 17/02/2009| 2:35 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(emmy) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(login) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(login) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.fr/"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"SearchAssistant"="http://search.bearshare.com/sidebar.html?src=ssb"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
"Default_Search_URL"="http://www.google.com/ie"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 17/02/2009| 2:37 - Option : [1]

-----------\\ Fin du rapport a 2:37:24,23

8

ric025, 17 Feb 2009 at 02:53:14

OK! You want me to tell you something?

All that for nothing, the report is blank!! XDD

However, you downloaded Eorezo! It's unhealthy software! Boonty Games too! Look at their policy:

"We may also share paid information with third parties
that provide paid services, and share aggregated data showing the type
and number of video games you download, your age, your sex, your occupations,
level of education, geographic location, data about your computer equipment,
internet and interests in video games, activities and training of published games.
In addition, we share email addresses with third-party mail account providers
who assist us by sending our mails to many customers at the same time..."


So do this:

Ad-Remover (by Cyril du 17 / C_XX):

Download and save the installation file to your desktop:

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

Double-click the installer and install it in its default location (the desktop).

Open the Ad-remover folder on your desktop and double-click Ad-remover.bat.

At the main menu choose option "A"

Post the report that appears at the end.


(the report is also saved as C:\Ad-report.log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

Process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
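How the Eorezo and Boonty entries can be picked out of the HijackThis log posted above, as an added example (not part of any post in this thread and not code from HijackThis): the sample lines are copied from that log, while the watchlist, the function names and the "(no file)" check are this example's own assumptions.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread (shortened excerpt).
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
"""

# Product names the helper singled out; matching on them is this example's assumption.
WATCHLIST = ("eorezo", "boonty")

# HijackThis item lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Meaning of the section codes that occur in the excerpt.
SECTIONS = {
    "R0": "IE start/search page",
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
    "O23": "Windows service",
}


def parse_hijackthis(text):
    """Split a pasted log into running-process paths and (code, body) items."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        # Logs pasted into forums can pick up soft hyphens (U+00AD); drop them
        # so that a name split by one still matches.
        line = raw.replace("\u00ad", "").strip()
        match = ENTRY_RE.match(line)
        if not line:
            in_processes = False
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def triage(text, watchlist=WATCHLIST):
    """Group log lines by watchlist name; also collect items whose file is missing."""
    processes, entries = parse_hijackthis(text)
    findings = defaultdict(list)
    for kind, body in [("process", p) for p in processes] + entries:
        lowered = body.lower()
        hits = [name for name in watchlist if name in lowered]
        for name in hits:
            findings[name].append((kind, body))
        # HijackThis prints "(no file)" when the registered file is absent.
        if not hits and lowered.endswith("(no file)"):
            findings["no file"].append((kind, body))
    return dict(findings)


if __name__ == "__main__":
    for label, rows in triage(SAMPLE_LOG).items():
        print(label)
        for kind, body in rows:
            print(f"  {kind:8} {SECTIONS.get(kind, ''):22} {body}")
```

Each product shows up in several places at once (running process, autostart entry, browser helper object or service), which is why the thread moves on to a dedicated removal tool.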

9

elm, 17 Feb 2009 at 15:05:08

Hi rico

thanks for this information and your explanations. Here is the ad-remover report

C:\Ad-Report-Scan-17.02.2009.log

10

ric025, 17 Feb 2009 at 15:17:08

But what is the problem with these Ad-Remover reports!! XDD

I've just run the fix on my PC, it works fine!

Here is what the report looks like:

------- LOGFILE OF AD-REMOVER 1.1.1.3 | ONLY XP/VISTA -------

Updated by C_XX on 15/02/2009 at 10:20

Start at: 15:06:56 | Mar 17/02/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™  Service Pack 3 (version 5.1.2600)
Computer Name: xxxxxxxxx
Current User: acer - Administrator
Drive(s): 
- C:\  (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 34

+-----------------| Boonty/Boonty Games Elements Found:

.
.

+-----------------| Eorezo Elements Found:

.

+-----------------| Infected Poker Softwares Elements Found:

.

+-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

.
.

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

.

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.6 ----

ProfilePath: cdsbnk0w.default
.
.
(Prefs.js) FOUND: user_pref("weboftrust.search.mahalo.style", "#content-container a ~ [ATTR=\"NAME\"] { background: url(IMAGE) right no-repeat; margin-left: 2px; margin-right: 5px; }");
.
.
.
.

---- Internet Explorer Version 7.0.5730.13 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_USERS\S-1-5-21-1993962763-746137067-1177238915-1003\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://fr.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~2367 Bytes] - "C:\Ad-Report-Scan-17.02.2009.log"
-

End at: 15:10:42 | 17/02/2009
.
+-----------------| E.O.F - 54 Lines
.


=======================

Maybe the procedure was badly explained?

Here it is reworded:

Ad-Remover (by Cyril du 17 / C_XX):

Download and save the installation file to your desktop:

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

Double-click the installer and install it in its default location (the desktop).

Open the Ad-remover folder that has just appeared on your desktop by double-clicking it

At the main menu type "A" then "Enter" to confirm.

Wait while the scan runs. At the end, it will ask you to press a key to display the report. Do so.

Post it in your next reply by copy/paste.

(the report is also saved as C:\Ad-report.log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

Process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

11

elm, 17 Feb 2009 at 16:02:32

Rico,

do I need to run ad-remover again? I did follow the procedure though.

12

elm, 17 Feb 2009 at 16:10:04

Hi again,
here is the report


------- LOGFILE OF AD-REMOVER 1.1.1.3 | ONLY XP/VISTA -------

Updated by C_XX on 15/02/2009 at 10:20

Start at: 15:02:59 | Mar 17/02/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Documents and Settings\login\Bureau\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
Computer Name: KOSVOCORE
Current User: login - Administrator
Drive(s):
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 52

+-----------------| Boonty/Boonty Games Elements Found:

Service: Boonty Games
.
HKCR\boontybox
HKCR\CLSID\{aa760512-9bd8-4b1b-9e7a-dd9bbe3cf119}
HKCR\PandoraBoxCtrl.PandoraBoxCtrl
HKCR\PandoraBoxCtrl.PandoraBoxCtrl.1
HKCR\Typelib\{BB8AC401-701B-4ED1-96BB-B84A0FCF5874}
HKCU\Software\Boonty
HKLM\Software\Boonty
HKLM\Software\Classes\boontybox
HKLM\Software\Classes\CLSID\{aa760512-9bd8-4b1b-9e7a-dd9bbe3cf119}
HKLM\Software\Classes\PandoraBoxCtrl.PandoraBoxCtrl
HKLM\Software\Classes\PandoraBoxCtrl.PandoraBoxCtrl.1
HKLM\Software\Classes\Typelib\{BB8AC401-701B-4ED1-96BB-B84A0FCF5874}
HKLM\System\ControlSet001\Services\Boonty Games
HKLM\System\ControlSet002\Enum\Root\LEGACY_BOONTY_GAMES
HKLM\System\ControlSet002\Services\Boonty Games
HKLM\System\CurrentControlSet\Services\Boonty Games
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C23587D9-1415-4042-9B3D-43118A4334C7}_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C23587D9-1415-4042-9B3D-43118A4334C7}_is1
.
C:\WINDOWS\System32\PandoraCtrl.dll
C:\WINDOWS\System32\PandoraCtrl2.dll
C:\Program Files\Boonty
C:\Program Files\Boonty\BoontyBox
C:\Program Files\Boonty\Components
C:\Program Files\Boonty\BoontyBox\CsaFiles
C:\Program Files\Boonty\BoontyBox\Data
C:\Program Files\Boonty\BoontyBox\Html
C:\Program Files\Boonty\BoontyBox\Languages
C:\Program Files\Boonty\BoontyBox\Medias
C:\Program Files\Boonty\BoontyBox\Skins
C:\Program Files\Boonty\BoontyBox\Temp
C:\Program Files\Boonty\BoontyBox\CsaFiles\NewShell
C:\Program Files\Boonty\BoontyBox\CsaFiles\OldShell
C:\Program Files\Boonty\BoontyBox\Skins\Classic
C:\Program Files\Boonty\BoontyBox\Skins\Dark
C:\Program Files\Boonty\BoontyBox\Skins\Silver
C:\Program Files\BoontyGames
C:\Program Files\BoontyGames\Components
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses
C:\Documents and Settings\All Users\Menudm~1\Progra~1\BoontyGames
C:\DOCUME~1\login\LOCALS~1\Temp\BoontyGames.0001

+-----------------| Eorezo Elements Found:

HKCR\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKCR\AppID\EoRezoBHO.DLL
HKCR\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Typelib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKCU\Software\EoRezo
HKLM\Software\EoRezo
HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKLM\Software\Classes\AppID\EoRezoBHO.DLL
HKLM\Software\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Softwarehelper
.
C:\Program Files\EoRezo
C:\Program Files\EoRezo\EoAdv
C:\Program Files\EoRezo\lang
C:\Documents and Settings\login\Application Data\EoRezo
C:\Documents and Settings\login\Application Data\EoRezo\db
C:\Documents and Settings\login\Application Data\EoRezo\eoDesktop
C:\Documents and Settings\login\Application Data\EoRezo\SoftwareUpdate
C:\DOCUME~1\login\LOCALS~1\Temp\is-7DLEG.tmp\EoRezo
C:\Documents and Settings\emmy\Application Data\Eorezo
C:\Documents and Settings\emmy\Application Data\Eorezo\db
C:\Documents and Settings\emmy\Application Data\Eorezo\eoDesktop
C:\Documents and Settings\login\Cookies\login@ads.eorezo[2].txt
C:\Documents and Settings\login\Cookies\login@eorezo[2].txt
C:\Documents and Settings\emmy\Cookies\emmy@eorezo[1].txt
C:\Documents and Settings\emmy\Cookies\emmy@soft.eorezo[1].txt

+-----------------| Infected Poker Softwares Elements Found:

HKCU\Software\Titan Poker
HKLM\Software\Titan Poker
HKLM\Software\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker
HKU\S-1-5-21-329068152-1390067357-725345543-1001\Software\Titan Poker
.
C:\Poker\Titan Poker
C:\Documents and Settings\login\Application Data\Microsoft\Internet Explorer\Quick Launch\Titan Poker.lnk

+-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

.
.

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

.

+-----------------| Added Scan:

---- Mozilla FireFox Version 2.0.0.20 ----

ProfilePath: lm3cdlep.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Google"
Prefs.js: Browser.Search.SelectedEngine: "Eazel-FR Customized Web Search"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2095689&SearchSource=3&q="
.
.
.
.
.

---- Internet Explorer Version 6.0.2900.2180 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

SearchAssistant: hxxp://search.bearshare.com/sidebar.html?src=ssb
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://www.google.fr/

+-[HKEY_USERS\S-1-5-21-329068152-1390067357-725345543-1001\..\Internet Explorer\Main]

SearchAssistant: hxxp://search.bearshare.com/sidebar.html?src=ssb
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://www.google.fr/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.google.com/ie
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://y.lo.st

+---------------------------------------------------------------------------+

[~11663 Bytes] - "C:\Ad-Report-Scan-17.02.2009.log"
-

End at: 15:05:09 | 17/02/2009
.
+-----------------| E.O.F - 244 Lines
.


13

ric025, 17 Feb 2009 at 16:36:59

Perfect!

Now do this:

! Disconnect and close every running application !

Run "Ad-remover" again: at the main menu, choose option "B".

At the selection screen:

Press "A" then "Enter", then "S" and "Enter".

Press "o" to accept the removal of the infected items.

The program will do its work.

Post the report that appears at the end.

(the report is also saved as C:\Ad-report(date).log)

/!\ If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New Task", type explorer.exe and confirm


14

elm, 17 Feb 2009 at 17:43:57


15

ric025, 17 Feb 2009 at 17:53:38

You've given me the same report as earlier!

(Zen.....)

XDD


16

elm, 17 Feb 2009 at 18:01:10

Yes, sorry


------- LOGFILE OF AD-REMOVER 1.1.1.3 | ONLY XP/VISTA -------

Updated by C_XX on 15/02/2009 at 10:20

*** LIMITED TO ***

Boonty/BoontyGames
Eorezo
Infected Poker Softwares
FunWebProduct/MyWay/MyWebSearch
It's TV
Sweetim

******************

Start at: 17:37:38 | Mar 17/02/2009 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Documents and Settings\login\Bureau\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
Computer Name: KOSVOCORE
Current User: login - Administrator
Drive(s):
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 52

(!) ---- IE start pages/Tabs reset

+--------------------| Boonty/Boonty Games Elements Deleted :

Service: "Boonty Games"
.
HKCR\boontybox
HKCR\CLSID\{aa760512-9bd8-4b1b-9e7a-dd9bbe3cf119}
HKCR\PandoraBoxCtrl.PandoraBoxCtrl
HKCR\PandoraBoxCtrl.PandoraBoxCtrl.1
HKCR\Typelib\{BB8AC401-701B-4ED1-96BB-B84A0FCF5874}
HKCU\Software\Boonty
HKLM\Software\Boonty
HKLM\System\ControlSet002\Enum\Root\LEGACY_BOONTY_GAMES
HKLM\System\ControlSet002\Services\Boonty Games
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C23587D9-1415-4042-9B3D-43118A4334C7}_is1
.
C:\WINDOWS\System32\PandoraCtrl.dll
C:\WINDOWS\System32\PandoraCtrl2.dll
C:\Program Files\Boonty
C:\Program Files\BoontyGames
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Documents and Settings\All Users\Application Data\Gogii\BabySitting\Boonty
C:\Documents and Settings\All Users\Menudm~1\Progra~1\BoontyGames
C:\DOCUME~1\login\LOCALS~1\Temp\BoontyGames.0001

+-----------------| Eorezo Elements Deleted :

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Softwarehelper
HKCR\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKCR\AppID\EoRezoBHO.DLL
HKCR\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Typelib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKCU\Software\EoRezo
HKLM\Software\EoRezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
.
C:\Program Files\EoRezo
C:\Documents and Settings\login\Application Data\EoRezo
C:\DOCUME~1\login\LOCALS~1\Temp\is-7DLEG.tmp\EoRezo
C:\Documents and Settings\emmy\Application Data\Eorezo
C:\Documents and Settings\login\Cookies\login@ads.eorezo[2].txt
C:\Documents and Settings\login\Cookies\login@eorezo[1].txt
C:\Documents and Settings\emmy\Cookies\emmy@eorezo[2].txt
C:\Documents and Settings\emmy\Cookies\emmy@soft.eorezo[1].txt

+-----------------| Infected Poker Softwares Elements Deleted :

HKCU\Software\Titan Poker
HKLM\Software\Titan Poker
HKLM\Software\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker
.
C:\Poker\Titan Poker
C:\Documents and Settings\login\Application Data\Microsoft\Internet Explorer\Quick Launch\Titan Poker.lnk

+-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

.
.

+-----------------| It's TV Elements Deleted :

.

+-----------------| Sweetim Elements Deleted :

.

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+-----------------| Added Scan :

---- Mozilla FireFox Version 2.0.0.20 ----

ProfilePath: lm3cdlep.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Google"
Prefs.js: Browser.Search.SelectedEngine: "Eazel-FR Customized Web Search"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2095689&SearchSource=3&q="
.
.
.
.
.

---- Internet Explorer Version 6.0.2900.2180 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchAssistant: hxxp://search.bearshare.com/sidebar.html?src=ssb
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_USERS\S-1-5-21-329068152-1390067357-725345543-1001\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchAssistant: hxxp://search.bearshare.com/sidebar.html?src=ssb
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~5470 Bytes] - "C:\Ad-Report-Clean-17.02.2009.log"
[~11797 Bytes] - "C:\Ad-Report-Scan-17.02.2009.log"
-
C:\Documents and Settings\login\Bureau\TOOLS\BACKUP\17.02.2009 - Prefs.js

End at: 17:41:11 | 17/02/2009
.
+-----------------| E.O.F - 120 Lines
.


17

ric025, 17 Feb 2009 at 18:04:57

Perfect!

Do this:

Download Malwarebytes Anti-Malware (MBAM):

MBAM

Install it, making sure the update checkbox is ticked at the end of the installation.

After the update, launch it and tick "Quick Scan". Then "Scan".

If MBAM finds something: click "Show Results" then "Remove Selected".

Post the generated report.

See you later ;)

=============


18

elm, 17 Feb 2009 at 18:27:05

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1770
Windows 5.1.2600 Service Pack 2

17/02/2009 18:27:33
mbam-log-2009-02-17 (18-27-33).txt

Type de recherche: Examen rapide
Eléments examinés: 62880
Temps écoulé: 4 minute(s), 58 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\xbtb03387.ietoolbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{01d4fef7-2313-4999-86ef-cc06e0daff2b} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{70f76008-a8d9-4d5f-abb7-3395612738f8} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{70f76008-a8d9-4d5f-abb7-3395612738f8} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70f76008-a8d9-4d5f-abb7-3395612738f8} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb03387.ietoolbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb03387.xbtb03387 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb03387.xbtb03387.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xbtb03387.xbtb03387toolbar (Adware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Humour Toolbar\humour.dll (Adware.SoftMate) -> Quarantined and deleted successfully.


19

ric025, 17 Feb 2009 at 21:38:32

OK! How is the PC doing? Any better?

You can do this:

Restart the PC.

Reopen MBAM, go to the "Quarantine" tab and delete everything.

===========

Do this little clean-up:

Download CCleaner, Slim version, without the toolbar:

CCLEANER

Go to "Options">>"Advanced". Untick the first line.

Go to the "Cleaner" section. Run the analysis. Once the list is built, run the cleaner twice in a row so that you get 0 bytes removed!

Then in "Registry", run a scan for errors. Once the list is built, have them fixed.

/!\ At this point CCleaner normally asks you to back up the registry; do it. /!\

Then repeat the scan/fix cycle until the scan finds no more errors.

============

Then, to check whether you are still infected:

Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

http://images.malwareremoval.com/random/RSIT.exe

Double-click RSIT.exe.

Click Continue at the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.

When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: the reports can also be found here: C:\rsit.

/!\ Post the two reports (log + info) in two separate messages, thanks /!\


20

elm, 18 Feb 2009 at 14:41:06

Hi rico,
I downloaded CCleaner and you told me to untick the line "Menu Order Cache" but it is already unticked. What do I do?


21

ric025, 18 Feb 2009 at 14:43:38

Hi!

No, untick the first line. I think it says: "Only delete files older than 48 hours", or something close to that. That is the one to untick.

See you later


22

elm, 18 Feb 2009 at 15:39:46

What are these reports???!! Thank you so much for your patience and your help. Here is the first one

Logfile of random's system information tool 1.05 (written by random/random)
Run by login at 2009-02-18 15:40:47
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 39 GB (77%) free of 50 GB
Total RAM: 255 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:40:52, on 18/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\login\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\login.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asiaflash.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: P2P Torrent Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: P2P Torrent Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow0.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec AntiVirus\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [L'Assistant DartyBox] C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Startup: DriverScanner.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?08ed86c99a6148b58f4f19618aaae21d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?08ed86c99a6148b58f4f19618aaae21d
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
End of file - 11623 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}]
eBay Toolbar Helper - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll [2009-01-15 525552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-26 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-10-11 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-11 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2007-12-30 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
P2P Torrent Toolbar - C:\Program Files\download-boosters\tbdow0.dll [2008-02-18 1555480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-10-11 2436160]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2007-12-30 806912]
{e4000b62-fa5d-4b39-b254-0a4c485aaf11} - P2P Torrent Toolbar - C:\Program Files\download-boosters\tbdow0.dll [2008-02-18 1555480]
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} - eBay Toolbar - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll [2009-01-15 525552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"=C:\WINDOWS\system32\\NeroCheck.exe [2001-07-09 155648]
"ccApp"=C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [2005-07-12 48752]
"vptray"=C:\PROGRA~1\Symantec AntiVirus\VPTray.exe [2005-08-18 85600]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [2007-03-16 63712]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-02-26 185896]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]
"LogitechCommunicationsManager"=C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"eBayToolbar"=C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe [2009-01-15 632048]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LClock"=C:\WINDOWS\lclock.exe [2004-12-08 65536]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-20 67128]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"L'Assistant DartyBox"=C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe [2007-06-05 151552]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-13 68856]
"ares"=C:\Program Files\Ares\Ares.exe [2007-12-31 962560]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Documents and Settings\login\Menu Démarrer\Programmes\Démarrage
BoontyBox 01net.lnk - C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
DriverScanner.exe
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-08-18 43616]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoSMBalloonTip"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe:*:Enabled:Lecteur CANALPLAY"
"C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe"="C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe:*:Enabled:Lecteur CANALPLAY Helper"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======File associations======

.js - edit -
.js - open -
.vbs - edit -
.vbs - open -

======List of files/folders created in the last 1 months======

2009-02-18 15:39:32 ----D---- C:\rsit
2009-02-18 14:36:04 ----D---- C:\Program Files\CCleaner
2009-02-18 13:47:12 ----D---- C:\WINDOWS\nview
2009-02-18 13:47:12 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-02-18 13:46:49 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-02-18 03:16:41 ----HDC---- C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2009-02-18 02:07:41 ----D---- C:\Program Files\Lavalys
2009-02-17 18:18:04 ----D---- C:\Documents and Settings\login\Application Data\Malwarebytes
2009-02-17 18:17:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-17 18:17:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-17 02:35:30 ----A---- C:\TB.txt
2009-02-17 01:48:55 ----D---- C:\ToolBar SD
2009-02-16 23:56:08 ----D---- C:\Program Files\Trend Micro
2009-02-16 20:12:08 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA
2009-02-16 01:47:07 ----D---- C:\Documents and Settings\login\Application Data\Uniblue
2009-02-16 01:47:07 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2009-02-16 00:43:46 ----D---- C:\Program Files\SystemRequirementsLab
2009-02-16 00:43:41 ----D---- C:\Documents and Settings\login\Application Data\SystemRequirementsLab
2009-02-13 23:30:12 ----A---- C:\WINDOWS\system32\XceedZip.dll
2009-02-13 21:22:26 ----D---- C:\NVIDIA
2009-02-13 20:51:33 ----D---- C:\Documents and Settings\login\Application Data\SecondLife
2009-02-13 20:50:43 ----D---- C:\Program Files\SecondLife

======List of files/folders modified in the last 1 months======

2009-02-18 15:33:54 ----D---- C:\Program Files\Mozilla Firefox
2009-02-18 15:30:26 ----D---- C:\WINDOWS\Temp
2009-02-18 15:30:26 ----D---- C:\WINDOWS
2009-02-18 14:36:04 ----RD---- C:\Program Files
2009-02-18 13:55:32 ----D---- C:\Program Files\Symantec AntiVirus
2009-02-18 13:54:23 ----D---- C:\Documents and Settings\login\Application Data\OpenOffice.org2
2009-02-18 13:49:50 ----D---- C:\WINDOWS\system32
2009-02-18 13:49:50 ----D---- C:\WINDOWS\Help
2009-02-18 13:47:44 ----HD---- C:\WINDOWS\inf
2009-02-18 13:47:02 ----D---- C:\WINDOWS\system32\drivers
2009-02-18 13:47:02 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-18 13:46:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-18 03:18:27 ----SHD---- C:\WINDOWS\Installer
2009-02-17 18:44:36 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-02-17 18:27:33 ----D---- C:\Program Files\Humour Toolbar
2009-02-17 17:40:56 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-17 17:38:47 ----D---- C:\Poker
2009-02-17 17:38:14 ----D---- C:\Program Files\Fichiers communs
2009-02-16 03:03:59 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-16 01:55:38 ----D---- C:\WINDOWS\system32\config
2009-02-14 00:07:51 ----D---- C:\Documents and Settings\login\Application Data\Mozilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14848]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-12-07 5632]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-22 267192]
R3 ac97intc;Service d'installation du pilote audio Intel(r) 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2004-08-03 126686]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 Slntamr;Smart Link 56K Modem Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2004-08-03 404990]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2004-08-03 13240]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-22 17976]
R3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12672]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EraserUtilDrvI7;EraserUtilDrvI7; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrvI7.sys []
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2004-08-03 1309184]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\Symantec Shared\VirusDefs\20090213.003\naveng.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\Symantec Shared\VirusDefs\20090213.003\navex15.sys []
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2004-08-03 180360]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2007-10-12 490776]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2004-08-03 95424]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Port II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe [2005-07-12 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe [2005-07-12 161392]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-08-18 19552]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-11 168432]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-08-18 1736800]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2004-08-19 73796]
S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-20 263168]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe [2005-07-12 83568]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-08-18 127584]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe [2005-04-22 206552]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


23

elm, 18 Feb 2009 at 15:40:56

And the second one

info.txt logfile of random's system information tool 1.05 2009-02-18 15:39:48

======Uninstall list======

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe® Photoshop® Album Edition Découverte 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Ad-remover-->C:\Documents and Settings\login\Bureau\Uninstal.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe"
Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{4002F73D-EBB3-4EA1-A2FF-DBCB4529759E}
BearShare-->C:\Program Files\BearShare Applications\BearShare\UninstallSurvey.exe C:\PROGRA~1\BearShare Applications\BearShare\UNWISE.EXE C:\PROGRA~1\BearShare Applications\BearShare\INSTALL.LOG
Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{51F366F4-C2E4-429A-866A-59C885ED42FD}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Coffret de pilotes Logitech Legacy USB Camera-->"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\legacyqcam\10.40.1235\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_10.40" /clone_wait /hide_progress
Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]-->C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe
DartyBox-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4A975AC1-1E5B-43B7-B42B-6E617B39C936}\setup.exe" -l0x40c
Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{175B7C4A-CAF8-437A-B597-73E0D2D970FE}
download-boosters Toolbar-->C:\PROGRA~1\download-boosters\UNWISE.EXE C:\PROGRA~1\download-boosters\INSTALL.LOG
eBay Toolbar-->C:\Program Files\InstallShield Installation Information\{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}\setup.exe -runfromtemp -l0x040c eBay Toolbar -removeonly
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{D518AD32-C710-4616-BA0D-D4B1FA5F82E8}
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
L'Assistant DartyBox-->C:\Program Files\Assistant Dartybox\L'Assistant DartyBox Uninstaller.exe
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\Professional\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{3585ED1C-74C5-43B0-A232-831B96A12A2B}
Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Navigation par onglets (Windows Live Toolbar)-->MsiExec.exe /X{E74559C2-BB47-45AD-83DD-0D66B67E7811}
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{F242B06B-517F-4D62-B654-16B11564A912}
OpenOffice.org 2.4-->MsiExec.exe /I{1E0FF527-971B-4BBF-83D1-987E8DEE437D}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_9171.exe" _?=C:\Program Files\PDFCreator Toolbar
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\Professional\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
Samsung PC Studio-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\Professional\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Spider-->"C:\Program Files\Spider\unins000.exe"
Symantec AntiVirus-->MsiExec.exe /I{3248E093-5288-4CA9-B3AB-11A675FEA1F9}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {05AE605F-3146-46ED-BC52-0A14EBF57962}
Windows Live Toolbar-->MsiExec.exe /X{05AE605F-3146-46ED-BC52-0A14EBF57962}

======Security center information======

AV: Symantec AntiVirus Corporate Edition

System event log

Computer Name: KOSVOCORE
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.

Record Number: 47302
Source Name: Service Control Manager
Time Written: 20090113170151.000000+060
Event Type: Informations
User:

Computer Name: KOSVOCORE
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

Record Number: 47301
Source Name: Service Control Manager
Time Written: 20090113170151.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: KOSVOCORE
Event Code: 7036
Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.

Record Number: 47300
Source Name: Service Control Manager
Time Written: 20090113170151.000000+060
Event Type: Informations
User:

Computer Name: KOSVOCORE
Event Code: 7036
Message: Le service Explorateur d'ordinateur est entré dans l'état : en cours d'exécution.

Record Number: 47299
Source Name: Service Control Manager
Time Written: 20090113170151.000000+060
Event Type: Informations
User:

Computer Name: KOSVOCORE
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Explorateur d'ordinateur.

Record Number: 47298
Source Name: Service Control Manager
Time Written: 20090113170151.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Application event log

Computer Name: KOSVOCORE
Event Code: 0
Message:
Record Number: 75434
Source Name: gusvc
Time Written: 20090211211915.000000+060
Event Type: Informations
User:

Computer Name: KOSVOCORE
Event Code: 35
Message: Le service 'Symantec Event Manager' a démarré.

Record Number: 75433
Source Name: ccEvtMgr
Time Written: 20090211211907.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: KOSVOCORE
Event Code: 34
Message: Le service Symantec Event Manager démarre.

Record Number: 75432
Source Name: ccEvtMgr
Time Written: 20090211211906.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: KOSVOCORE
Event Code: 35
Message: Le service 'Symantec Settings Manager' a démarré.

Record Number: 75431
Source Name: ccSetMgr
Time Written: 20090211211905.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: KOSVOCORE
Event Code: 34
Message: Le service Symantec Settings Manager démarre.

Record Number: 75430
Source Name: ccSetMgr
Time Written: 20090211211905.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 0 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=000a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEVMGR_SHOW_DETAILS"=1
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip

-----------------EOF-----------------


24

ric025, 18 Feb 2009 at 15:54:09

Good.

Run HijackThis again. This time choose "Do a system scan only".

Once the list has been created, tick the following lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb 

R3 - Default URLSearchHook is missing

O13 - DefaultPrefix:

O13 - WWW Prefix:

O13 - Home Prefix:

O13 - Mosaic Prefix:

O13 - FTP Prefix:

O13 - Gopher Prefix: 


Then click "Fix Checked".

================

Restart your PC.

================

Come back and post a new HijackThis report, and be sure to tell me whether you still have problems.

See you!


25

elm, 18 Feb 2009 at 16:42:44

Rico,

I didn't get the HijackThis report, and when I open Firefox, Eazel still shows up with this address:

http://search.conduit.com/?ctid=CT2095689&SearchSource=13

No matter how I set the internet address in the control panel, Eazel comes back every time I open Firefox.


26

ric025, 18 Feb 2009 at 16:56:26

I can't see where Eazel is hiding in your system.

Do this:

Click "Start >> Search" ("Démarrer >> Rechercher"). Type EAZEL

Once the search has finished, delete everything related to it.

=================

As for HijackThis, you have to request the report yourself. Launch HijackThis, choose "Do a system scan and save a logfile" and post the report.

See you!


27

elm, 18 Feb 2009 at 17:08:33

I searched for eazel (I had already done so) and found nothing. No results. Here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:53, on 18/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\lclock.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asiaflash.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: P2P Torrent Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: P2P Torrent Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow0.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec AntiVirus\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [L'Assistant DartyBox] C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Startup: DriverScanner.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?08ed86c99a6148b58f4f19618aaae21d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?08ed86c99a6148b58f4f19618aaae21d
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
End of file - 11354 bytes

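The check implied by the procedure in post 24, comparing the lines marked for fixing with a later log, as an added example that is not part of the original thread. The function names are illustrative assumptions, and the sample log is a short excerpt of entries copied from the log posted above.

```python
import re

# Lines the helper asked to tick in post 24 (copied from the thread).
TO_FIX = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant"
    r" = http://search.bearshare.com/sidebar.html?src=ssb",
    "R3 - Default URLSearchHook is missing",
    "O13 - DefaultPrefix:",
    "O13 - WWW Prefix:",
    "O13 - Home Prefix:",
    "O13 - Mosaic Prefix:",
    "O13 - FTP Prefix:",
    "O13 - Gopher Prefix:",
]

# Excerpt of the log saved on 18/02/2009 (entries copied from the thread).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:53, on 18/02/2009
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [LClock] lclock.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
End of file - 11354 bytes
"""

# An entry line starts with a section code (R0, O2, O13, ...) followed by " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

def normalise(line):
    """Drop soft hyphens, collapse whitespace and ignore case for comparison."""
    return " ".join(line.replace("\u00ad", "").split()).casefold()

def parse_log(text):
    """Return (code, body) for every entry line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.append((m["code"], m["body"].strip()))
    return entries

def remaining(to_fix, log_text):
    """Lines that were meant to be fixed but still appear in the new log."""
    present = {normalise(f"{c} - {b}") for c, b in parse_log(log_text)}
    return [line for line in to_fix if normalise(line) in present]

def dangling(log_text):
    """Entries whose target HijackThis reports as '(no file)'."""
    return [(c, b) for c, b in parse_log(log_text) if b.endswith("(no file)")]

if __name__ == "__main__":
    for line in remaining(TO_FIX, SAMPLE_LOG):
        print("still present:", line)
    for code, body in dangling(SAMPLE_LOG):
        print("no file:", code, body)
```

On this excerpt, `remaining` returns the six O13 lines and `dangling` returns the O2 BHO entry.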

28

ric025, 18 Feb 2009 at 17:17:29

Have you tried this in Firefox:

Tools >> Options >> General ("Outils >> Options >> Général")

Then click "Restore to Default" ("Restaurer la configuration par défaut").

=======

Or else Tools >> Options >> General

And in the "Home Page" ("Page d'accueil") box, delete what is there and type: http://google.fr


29

elm, 18 Feb 2009 at 17:54:50

Yes, I've already looked in "Tools", and besides, I don't have the boxes you told me to tick. Never mind. Once again, thank you very much for your help, and have a good rest of the day.


30

ric025, 18 Feb 2009 at 18:07:47

Bah! Maybe it comes from your pirated version of Windows! XDD

See you!
