Logiciel mail.ru

Bonjour avojc.
Télécharge ceci,puis met le à jour,et ensuite fait une recherche complète.
Tiens moi au jus des résultats.
http://www.commentcamarche.net/download/telecharger-34055379-malwarebytes-anti-malware-free#q=malwarebytes&cur=1&url=%2F

je vien d'essayer de telecharger malwarebytes avec le lien ke tu ma donner mais je ni parvient pas je lais essayer avec 2 diffrents navigateur tjr rien. merci de ton aide

voici le rapport generer apres le scan. merci de ton aide

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Version de la base de données: 7389

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

06-08-2011 08:42:16
mbam-log-2011-08-06 (08-42-16).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|W:\|)
Elément(s) analysé(s): 393787
Temps écoulé: 1 heure(s), 7 minute(s), 19 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe (Security.Hijack) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

je ne croi pa ke le logiciel mai.ru soi parti car je le retrouve ds le local disk C:\ program files(x86)
lorske je fai des recherches sur google avec le nom du logiciel, le resultat ces kil es logiciel de ,messagerie russe. et en plus apres le scan pal malwarebytes jai retrouver la meme publicite en russe sur un site d'information . merci de ton aide

je sai ou il se trouve je voi le dossier mais je n'arrive pa a le supprimer. jai utiliser tuneup-utilities tuneup shredder et je recoi un message ki me di ke le le fichier es situer ds un sous repertoir du C:\program files (x86) et il pourrai etre un program installer et il recommande ke je le desinstalle via le control panel
le problm es ke jai essayer de le fer par le control panel car je voyai l'application mais il es tjrs la. merci de ton aide

voici le nom des differnt dossier
guardmailru.exe
guard
mail.ru

jai l'analyse avec ZHDiag et voici le rapport, merci de ton aide
http://cjoint.com/?AHgphRAUWBU

voici le rapport avec ZHPFix apres le nettoyage

Rapport de ZHPFix 1.12.3345 par Nicolas Coolman, Update du 29/07/2011
Fichier d'export Registre :
Run by JChristian at 09-08-2011 15:57:14
Windows 7 Ultimate Edition, 64-bit (Build 7600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

========== Memory Process ==========
DELETE on Reboot Memory Process: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar

========== Registry Key ==========
NOT FOUND Key: CLSID BHO: {D4027C7F-154A-4066-A1AD-4243D8127440}
DELETED Key: HKCU\Software\AppDataLow\Software\AskToolbar
DELETED Key: HKCU\Software\Ask.com
DELETED Key: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
NOT FOUND Key: HKLM\Software\Wow6432Node\Classes\AppID\GenericAskToolbar.DLL
DELETED Key: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
NOT FOUND Key: HKLM\Software\Wow6432Node\Classes\GenericAskToolbar.ToolbarWnd
DELETED Key: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
NOT FOUND Key: HKLM\Software\Wow6432Node\Classes\GenericAskToolbar.ToolbarWnd.1
DELETED Key: HKLM\Software\Classes\Wow6432Node\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
NOT FOUND Key: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
DELETED Key: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
NOT FOUND Key: HKLM\Software\Wow6432Node\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
DELETED Key: HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
DELETED Key: HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
DELETED Key: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
DELETED Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

========== Registry Value ==========
DELETED RunValue: ApnUpdater
DELETED RunValue: QuickTime Task
DELETED RunValue: WinampAgent
NOT FOUND RunValue: TkBellExe
DELETED [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440}
No Value in Standard Profile Register Key FirewallRaz :
No Value in Domain Profile Register Key FirewallRaz :
DELETED FirewallRaz (None) : {9F4274D1-D9F0-4A0A-BAC3-0A72A3BF7966}
DELETED FirewallRaz (Private) : TCP Query User{87BEB385-65DE-44AC-9697-0D951564E0E2}C:\users\jchristian\desktop\shoutcast-interface\console\sc_serv.exe
DELETED FirewallRaz (Private) : UDP Query User{06E7055B-1AAF-4BEA-A392-914765BCA89B}C:\users\jchristian\desktop\shoutcast-interface\console\sc_serv.exe

========== Registry Data Items ==========
REPLACED Value AntiVirusDisableNotify : Good (0) - Bad (1)
REPLACED Value FirewallDisableNotify : Good (0) - Bad (1)
REPLACED Value UpdatesDisableNotify : Good (0) - Bad (1)

========== Repertory ==========
DELETED Folder*: C:\Program Files\System
DELETED Folder: C:\Users\JChristian\AppData\Roaming\OpenCandy
DELETED Folder: C:\Users\JChristian\AppData\Local\OpenCandy
NOT FOUND C:\Program Files (x86)\Ask.com
DELETED Folder: c:\users\jchristian\appdata\roaming\mozilla\firefox\profiles\d7jt735u.default\extensions\dttoolbar@toolbarnet.com
DELETED Flash Cookies: 180
DELETED Window Temporary: : 906

========== File ==========
DELETED c:\program files (x86)\ask.com
NOT FOUND File: c:\program files (x86)\ask.com
NOT FOUND Folder/File: c:\users\jchristian\appdata\roaming\opencandy
NOT FOUND Folder/File: c:\users\jchristian\appdata\local\opencandy
NOT FOUND Folder/File: c:\program files (x86)\ask.com
DELETED Flash Cookies: 62
DELETED Window Temporary: : 2445

========== Hosts file ==========
Hosts File not cleaned

========== Restoration ==========
Restore System Point created succefully


========== Summary ==========
1 : Memory Process
19 : Registry Key
10 : Registry Value
3 : Registry Data Items
7 : Repertory
7 : File
1 : Hosts file
1 : Restoration


========== Report File ==========
C:\ZHP\ZHPFixReport.txt



End of the scan in 01mn 00s





voici le rapport Ad-remover

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 16:11:55 on 09/08/2011, Normal boot

Microsoft Windows 7 Ultimate (X64)
JChristian@JCHRISTIAN ( )

============== ACTION(S) ==============


Folder deleted: C:\Users\JChristian\AppData\Roaming\Mozilla\FireFox\Profiles\d7jt735u.default\extensions\toolbar@ask.com
File deleted: C:\Users\JChristian\AppData\Roaming\Mozilla\FireFox\Profiles\d7jt735u.default\searchplugins\askcom.xml
Folder deleted: C:\Users\JChristian\AppData\LocalLow\AskToolbar

(!) -- Temporary files deleted.


-- File opened: C:\Users\JChristian\AppData\Roaming\Mozilla\FireFox\Profiles\d7jt735u.default\Prefs.js --
Line deleted: user_pref("browser.search.defaultengine", "Ask.com");
Line deleted: user_pref("browser.search.defaultenginename", "Ask.com");
Line deleted: user_pref("browser.search.order.1", "Ask.com");
Line deleted: user_pref("browser.search.selectedEngine", "Ask.com");
Line deleted: user_pref("extensions.asktb.abar-war-timeout", "4000");
Line deleted: user_pref("extensions.asktb.cbid", "RX");
Line deleted: user_pref("extensions.asktb.config-updated", true);
Line deleted: user_pref("extensions.asktb.crumb", "2011.07.08+00.06.52-toolbar007iad-IN-QmFuZ2Fsb3JlLEluZGlh");
Line deleted: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}...
Line deleted: user_pref("extensions.asktb.dtid", "YYYYYYYYIN");
Line deleted: user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
Line deleted: user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://websearch.ask.com/redirect?client=ff&s...
Line deleted: user_pref("extensions.asktb.fresh-install", false);
Line deleted: user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com...
Line deleted: user_pref("extensions.asktb.l", "dis");
Line deleted: user_pref("extensions.asktb.last-config-req", "1312835520563");
Line deleted: user_pref("extensions.asktb.locale", "en_US");
Line deleted: user_pref("extensions.asktb.o", "15180");
Line deleted: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Line deleted: user_pref("extensions.asktb.qsrc", "2871");
Line deleted: user_pref("extensions.asktb.r", "3");
Line deleted: user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=...
Line deleted: user_pref("extensions.asktb.search-suggestions-enabled", true);
Line deleted: user_pref("extensions.asktb.silent-upgrade", true);
Line deleted: user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
Line deleted: user_pref("extensions.asktb.socialmini-first", true);
Line deleted: user_pref("extensions.asktb.socialmini-interval", "1200000");
Line deleted: user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Line deleted: user_pref("extensions.asktb.socialmini-max-items", "30");
Line deleted: user_pref("extensions.asktb.socialmini-native-on", true);
Line deleted: user_pref("extensions.asktb.socialmini-speed", "5000");
Line deleted: user_pref("extensions.asktb.socialmini-transition-first-open", false);
Line deleted: user_pref("extensions.asktb.v", "3.12.2.100006");
Line deleted: user_pref("extensions.enabledAddons", "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,{CAFEEFAC-0016-...
Line deleted: user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{23fcfd51-4958-...
Line deleted: user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PF&o=15180&locale=en...
Line deleted: user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=k...
-- File closed --


Key deleted: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key deleted: HKLM\Software\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key deleted: HKLM\Software\AskToolbar
Key deleted: HKLM\Software\Conduit
Key deleted: HKCU\Software\Conduit
Key deleted: HKCU\Software\AppDataLow\AskToolbarInfo
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}
Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [5.0 (en-US)] ****

Plugins\npDivxPlayerPlugin.dll (DivX, Inc)
Plugins\npdnu.dll (AOL LLC)
Plugins\npdnupdater2.dll (AOL LLC)
Plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
Plugins\npwachk.dll (Nullsoft, Inc.)
HKLM_MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 (x)
HKLM_MozillaPlugins\Adobe Reader (x)
HKLM_MozillaPlugins\NitroPDF (x)
Searchplugins\amazondotcom.xml (hxxp://www.amazon.com/exec/obidos/external-search/)
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Searchplugins\eBay.xml (hxxp://rover.ebay.com/rover/1/711-47294-18009-3/4)
Searchplugins\wikipedia.xml (hxxp://en.wikipedia.org/wiki/Special:Search)
Components\browsercomps.dll (Mozilla Foundation)
HKLM_Extensions|{23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

-- C:\Users\JChristian\AppData\Roaming\Mozilla\FireFox\Profiles\d7jt735u.default --
Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} (Winamp Toolbar)
Extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489} (SHOUTcast Radio Toolbar)
Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} (??????? @Mail.Ru)
Extensions\{EEE6C361-6118-11DC-9C72-001320C79847} (SweetIM Toolbar for Firefox)
Searchplugins\aol-web-search.xml (?)
Searchplugins\mailru---.xml (?)
Searchplugins\sweetim.xml (?)
Prefs.js - browser.search.defaulturl, hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chro...
Prefs.js - browser.startup.homepage, hxxp://www.google.com
Prefs.js - browser.startup.homepage_override.buildID, 20110615151330
Prefs.js - browser.startup.homepage_override.mstone, rv:5.0

========================================

**** Google Chrome Version [12.0.742.122] ****

Extension\jfmjfhklogoienhpfnppmbcbjfjnkonk (C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx) (?)
Extension\nneajnkjbffgblleaoojgaacokifdkhm (C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx) (?)

-- C:\Users\JChristian\AppData\Local\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Enabled: true) (?)
Preferences - homepage: hxxp://www.google.com/
Preferences - homepage_is_newtabpage: false

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{14f0d511-36a2-41ca-ae01-ba4f87282c97} - "SHOUTcast Toolbar Search Class" (C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll)
HKLM_URLSearchHooks|{14f0d511-36a2-41ca-ae01-ba4f87282c97} - "SHOUTcast Toolbar Search Class" (C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll)
HKLM_URLSearchHooks|{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - "Winamp Toolbar Search Class" (C:\Program Files (x86)\Winamp Toolbar\winamptb.dll)
HKCU_SearchScopes\{F87FC392-D7A4-480D-AAFA-F00E67E9016E} - "?" (?)
HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll)
HKCU_Toolbar\WebBrowser|{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} (C:\Program Files (x86)\Winamp Toolbar\winamptb.dll)
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll)
HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll)
HKLM_Toolbar|{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} (C:\Program Files (x86)\Winamp Toolbar\winamptb.dll)
HKLM_Toolbar|{0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} (C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll)
HKLM_Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files (x86)\Common Files\DivX Shared\DesktopService\DDMService.exe (DivX, LLC)
HKLM_ElevationPolicy\{64903E32-AE0B-408D-909C-09A08791F28D} - C:\Program Files (x86)\DivX\DivX Plus Web Player\dwpBroker.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{7BD9A644-9DC6-42be-8872-CBF5524276BD} - C:\Program Files (x86)\Common Files\Software Update Utility\dnu.exe (AOL LLC)
HKLM_ElevationPolicy\{a8c2644d-bf72-4a89-a88c-d85f565f2f46} - c:\program files (x86)\winamp toolbar\winamptbServer.exe (AOL Inc.)
HKLM_ElevationPolicy\{ADADAEE2-457A-4984-A57C-E01C3A2BA612} - c:\program files (x86)\shoutcast radio toolbar\SHOUTcastTbServer.exe (AOL LLC)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (SweetIM Technologies Ltd.)
HKLM_Extensions\{B205A35E-1FC4-4CE3-818B-899DBBB3388C} - "Barre de recherche Encarta" (?)
BHO\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - "Winamp Toolbar Loader" (C:\Program Files (x86)\Winamp Toolbar\winamptb.dll)
BHO\{326E768D-4182-46FD-9C16-1449A49795F4} - "DivX Plus Web Player HTML5 <video>" (C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll)
BHO\{5FF49FE8-B332-4CB9-B102-FB6951629E55} - "Virtual Storage Mount Notification" (C:\Windows\SysWOW64\CbFsMntNtf3.dll)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} - "FDMIECookiesBHO Class" (C:\Program Files (x86)\Free Download Manager\iefdm2.dll)
BHO\{ccec60fc-2608-4e58-9659-3ffc159e8ea9} - "SHOUTcast Loader" (C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll)
BHO\{EEE6C35C-6118-11DC-9C72-001320C79847} - "SweetIM Toolbar Helper" (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 220 File(s)
C:\Program Files (x86)\Ad-Remover\Backup: 14 File(s)

C:\Ad-Report-CLEAN[1].txt - 09/08/2011 16:12:20 (12546 Byte(s))

End at: 16:13:14, 09/08/2011

============== E.O.F ==============


merci de votre aide

voici le rapport apres analyse ZHPDiag merci de votre aide


http://www.cijoint.fr/cjlink.php?file=cj201108/cij54KRyqx.txt

Salut,

jacques.gache m'a demandé de continuer avec toi :)

Redémarre ton PC, lance ZHPDiag depuis le bureau de ton PC ensuite tu cliques sur l'onglet vert (Flèche bas) pour faire la mise à jour puis tu prépare un nouveau rapport ZHPDiag ( à l'héberger)

@+

ok voici le nouveau rapport apres le redemarrage de la machine et de la mise a jour de ZHPDiag. merci de votre aide

http://cjoint.com/?AHjnHMgB9kF

Re,
1/
Télécharge ZHPFixScript.txt sur ton bureau depuis ce lien :
http://www.cijoint.fr/cjlink.php?file=cj201108/cijCnSNhuE.txt
Lance ZHPFix et clique sur le H (coller les lignes helpers)
Fait un glisser/déposer de ZHPFixScript.txt dans ZHPFix
Clique sur le bouton GO
Héberge le rapport et donne le lien

2/
* Télécharge OTM (OldTimer) sur ton Bureau

ICI >> OTM (OldTimer)
* Double clic "OTMoveIt3.exe"
* Utilisateurs Windows Vista / 7 Clic droit sur "OTMoveIt3.exe" choisis "exécuter en tant qu'administrateur" afin de le lancer.

- Copie (Ctrl+C) le texte suivant en gras ci-dessous :



:files
C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar
:Reg

[-HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}] => Infection PUP (Spyware.Soft2PC)
[-HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF]

:commands
[emptytemp]
[Reboot]



- Colle (Ctrl+V) le texte précédemment copié dans le cadre: Paste Instructions for Items to be Moved.
- Clique maintenant sur le bouton MoveIt!
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
- Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

@+

je vien s'essayer de telecharger ZHPFixScript.txt a l'adresse ke tu ma donner http://www.cijoint.fr/cjlink.php?file=cj201108/cijCnSNhuE.txt mais on me di ke l'apercu es nom disponible. merci de votre aide

Re,

Tu cliques sue ce lien: http://www.cijoint.fr/cjlink.php?file=cj201108/cijCnSNhuE.txt , tu ouvres ZHPFixScript1, tu enregistres ce fichier sous le nom : ZHPFixScript puis tu fais ceci :

Fait un glisser/déposer de ZHPFixScript.txt dans ZHPFix
Clique sur le bouton GO
Héberge le rapport et donne le lien

Refais la procedure stp puis passe à 2/ comme déjà expliqué


_ _ _ _ Fish66_ _ _ I'''''''""""""I_ _ _ Fish66_ _ _I'''''''""""""I_ _ _ Fish66_ _ _ _
¤¤¤¤ Le meilleur remède pour tous les problèmes, c'est la patience....¤¤¤¤

excuse moi pr ce tps ke jai mis pr te donner la suite. merci de votre aide

http://cjoint.com/?AHjvsOVQB74


voici le rapport avec OTM


All processes killed
========== FILES ==========
File/Folder C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}] => Infection PUP (Spyware.Soft2PC\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}] => Infection PUP (Spyware.Soft2PC\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest

User: JChristian
->Temp folder emptied: 7844844 bytes
->Temporary Internet Files folder emptied: 364073973 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 60733132 bytes
->Google Chrome cache emptied: 361194541 bytes
->Opera cache emptied: 14698744 bytes
->Flash cache emptied: 7801 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1789837 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
RecycleBin emptied: 159227 bytes

Total Files Cleaned = 773.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 08102011_004001

Files moved on Reboot...
C:\Users\JChristian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Windows\temp\klsC6E5.tmp not found!

Registry entries deleted on Reboot...

Re,
1/
Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )


[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
M3 - MFPP: Plugins - [JChristian] -- C:\Users\JChristian\AppData\Roaming\Mozilla\Firefox\Profiles\d7jt735u.default\searchplugins\aol-web-search.xml
M3 - MFPP: Plugins - [JChristian] -- C:\Users\JChristian\AppData\Roaming\Mozilla\Firefox\Profiles\d7jt735u.default\searchplugins\daemon-search.xml
M3 - MFPP: Plugins - [JChristian] -- C:\Users\JChristian\AppData\Roaming\Mozilla\Firefox\Profiles\d7jt735u.default\searchplugins\mailru---.xml
M3 - MFPP: Plugins - [JChristian] -- C:\Users\JChristian\AppData\Roaming\Mozilla\Firefox\Profiles\d7jt735u.default\searchplugins\sweetim.xml
M2 - MFEP: prefs.js [JChristian - d7jt735u.default\{0b38152b-1b20-484d-a11f-5e04a9b0661f}] [] Winamp Toolbar v (.AOL Inc..)
M2 - MFEP: prefs.js [JChristian - d7jt735u.default\{EEE6C361-6118-11DC-9C72-001320C79847}] [] SweetIM Toolbar for Firefox v1.2.0.2 (.SweetIM Technologies LTD..)
O4 - HKLM\..\Wow6432Node\Run: [NokiaMServer] Orphean Key
O4 - HKLM\..\Wow6432Node\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files (x86)\Ask.com\UpdateTask.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [zuluShakeIcon] (...) -- C:\Program Files (x86)\NCH Software\Zulu\Zulu.exe (.not file.)

FirewallRAZ
EmptyTemp
EmptyFlash



Puis Lance ZHPFix depuis le raccourci du bureau .

* Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .

* Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .

Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.

Clique sur le bouton GO

Copie/Colle le rapport à l'écran dans ton prochain message.

2/
Pour bien vérifier que les fichiers ci-dessous sont infectés rend toi sur ce site

Virus Total

Colle directement le chemin des fichiers , un par un , dans l'espace "Parcourir"

apres chaque analyse :

C:\Program Files (x86)\Tittosystems.inc\poob FM\poobfm.exe



* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation

actuelle : en cours d'analyse" est affiché.

* Il est possible que le fichier soit mis en file d'attente en raison d'un grand

nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser

la page.

* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine

réponse.



@+

voici le resultat de l'analyse avec zhpfix

Rapport de ZHPFix 1.12.3345 par Nicolas Coolman, Update du 29/07/2011
Fichier d'export Registre :
Run by JChristian at 10-08-2011 01:20:58
Windows 7 Ultimate Edition, 64-bit (Build 7600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

========== Registry Value ==========
NOT FOUND RunValue: NokiaMServer
NOT FOUND RunValue: SweetIM
No Value in Standard Profile Register Key FirewallRaz :
No Value in Domain Profile Register Key FirewallRaz :

========== Registry Data Items ==========
REPLACED Value UacDisableNotify : Good (0) - Bad (1)
REPLACED Value NoActiveDesktopChanges : Good (0) - Bad (1)
REPLACED Value EnableLUA : Good (1) - Bad (0)

========== Repertory ==========
DELETED Window Temporary: : 14
DELETED Flash Cookies: 4

========== File ==========
DELETED c:\users\jchristian\appdata\roaming\mozilla\firefox\profiles\d7jt735u.default\searchplugins\aol-web-search.xml
DELETED c:\users\jchristian\appdata\roaming\mozilla\firefox\profiles\d7jt735u.default\searchplugins\daemon-search.xml
DELETED c:\users\jchristian\appdata\roaming\mozilla\firefox\profiles\d7jt735u.default\searchplugins\mailru---.xml
NOT FOUND File: c:\users\jchristian\appdata\roaming\mozilla\firefox\profiles\d7jt735u.default\searchplugins\sweetim.xml
NOT FOUND File: c:\program files (x86)\sweetim\messenger\sweetim.exe
DELETED Window Temporary: : 98
DELETED Flash Cookies: 4

========== Task ==========
NOT FOUND Task: Scheduled Update for Ask Toolbar
DELETED Task: zuluShakeIcon


========== Summary ==========
4 : Registry Value
3 : Registry Data Items
2 : Repertory
7 : File
2 : Task


========== Report File ==========
C:\ZHP\ZHPFixReport.txt



End of the scan in 00mn 17s
et voici le lien de la page apres analyse avec virus merci de ton aide

http://www.virustotal.com/file-scan/report.html?id=0e4499275fd42f9df7cd6af04b0507bf4fc2e74c06b8e4f724f61f3cffaa6ea0-1312919533

Re,

Prépare stp un nouveau rapport ZHPDiag

@+

voici le nouveau rapport ZHPDiag merci de ton aide

http://cjoint.com/?AHkizINdewB

Re,
1/
Copie tout le texte présent ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )

[HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}]    => Infection PUP (Spyware.Soft2PC)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF]
O2 - BHO: SWEETIE [64Bits] - {EEE6C35C-6118-11DC-9C72-001320C79847} . (...) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (.not file.)    => SweetIM Toolbar
O42 - Logiciel: DAEMON Tools Toolbar - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Toolbar    => Toolbar.DaemonTools
O42 - Logiciel: Winamp Toolbar - (.Unknown owner.) [HKLM] -- Winamp Toolbar    => Toolbar.WinAmp
O43 - CFD: 07-07-2011 - 17:09:38 - [50863] ----D- C:\ProgramData\Winamp Toolbar    => Toolbar.WinAmp
O43 - CFD: 02-08-2011 - 10:59:12 - [6950891] ----D- C:\Program Files (x86)\SweetIM    => Toolbar.SweetIM
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}]    => Toolbar.Ask
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}]    => Toolbar.Ask
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}]    => Toolbar.Ask
[HKLM\Software\Classes\Interface\{eee6c358-6118-11dc-9c72-001320c79847}]    => Toolbar.SweetIM
[HKLM\Software\Classes\Interface\{eee6c35a-6118-11dc-9c72-001320c79847}]    => Toolbar.SweetIM
C:\ProgramData\Winamp Toolbar    => Toolbar.WinAmp
C:\Program Files (x86)\SweetIM    => Toolbar.SweetIM
[MD5.276AC7BAE1F596A3A1D4B6D43AEF099C] - (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe   [399736]
[MD5.00000000000000000000000000000000] [APT] [zuluShakeIcon] (...) -- C:\Program Files (x86)\NCH Software\Zulu\Zulu.exe (.not file.)
O43 - CFD: 10-08-2011 - 02:02:52 - [0] ----D- C:\Users\JChristian\AppData\Local\{1A616E32-C770-47F4-967E-DA8D3F9D3EAD}
O43 - CFD: 10-08-2011 - 02:02:36 - [0] ----D- C:\Users\JChristian\AppData\Local\{35C9558B-561C-4174-89BB-2415948FB37F}

FirewallRAZ
EmptyTemp
EmptyFlash

Puis Lance ZHPFix depuis le raccourci du bureau .

* Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .

* Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .

Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.

Clique sur le bouton GO

Copie/Colle le rapport à l'écran dans ton prochain message.

2/ ensuite

Redémarre ton PC, lance ZHPDiag depuis ton bureau, clique sur l'onglet vert (flèche bas) pour faire la mise à jour puis prépare un dernier rapport ZHPDiag avant de finaliser!

@+

voici le rapport ZHPFix

Rapport de ZHPFix 1.12.3347 par Nicolas Coolman, Update du 09/08/2011
Fichier d'export Registre :
Run by JChristian at 10-08-2011 18:59:28
Windows 7 Ultimate Edition, 64-bit (Build 7600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

========== Software ==========
NOT FOUND Software Key: DAEMON Tools Toolbar
NOT FOUND Software Key: Winamp Toolbar

========== Registry Key ==========
DELETED Key: HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
DELETED Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
NOT FOUND Key: CLSID BHO: {EEE6C35C-6118-11DC-9C72-001320C79847}
DELETED Key: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
DELETED Key: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
DELETED Key: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
DELETED Key: HKLM\Software\Classes\Interface\{eee6c358-6118-11dc-9c72-001320c79847}
DELETED Key: HKLM\Software\Classes\Interface\{eee6c35a-6118-11dc-9c72-001320c79847}

========== Registry Value ==========
No Value in Standard Profile Register Key FirewallRaz :
No Value in Domain Profile Register Key FirewallRaz :
DELETED FirewallRaz (None) : {56EEC60B-BF41-4C28-82BA-E633C1B93310}
DELETED FirewallRaz (None) : {0111006F-7902-4D8F-83A9-228BC8882CA9}

========== Repertory ==========
DELETE on Reboot Folder**: C:\ProgramData\Winamp Toolbar
DELETE on Reboot Folder**: C:\Program Files (x86)\SweetIM
DELETED Folder: C:\Users\JChristian\AppData\Local\{1A616E32-C770-47F4-967E-DA8D3F9D3EAD}
DELETED Folder: C:\Users\JChristian\AppData\Local\{35C9558B-561C-4174-89BB-2415948FB37F}
DELETED Window Temporary: : 32
DELETED Flash Cookies: 15

========== File ==========
NOT FOUND File: c:\program files (x86)\sweetim\toolbars\internet explorer\mgtoolbarie.dll
DELETED File: c:\program files (x86)\utorrent\utorrent.exe
DELETED Window Temporary: : 339
DELETED Flash Cookies: 7

========== Task ==========
DELETED Task: zuluShakeIcon


========== Summary ==========
8 : Registry Key
4 : Registry Value
6 : Repertory
4 : File
2 : Software
1 : Task


========== Report File ==========
C:\ZHP\ZHPFixReport.txt



End of the scan in 01mn 13s


et le rapport ZHPDiag


http://cjoint.com/?AHkpVJphjmj

merci de ton aide