FOND D'ECRAN BLEU WINDOW WARNING ! [Résolu]

Salut

commence par désinstaller virus keeper


ensuite :


Telecharge malwarebytes

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log

ok jt'envoie sa de suite thaks :) ! a tte

c'est une infection vundo encore ?

la plupart du temps, quand le fond d'écran est bleu avec un faux message d'alerte, c'est souvent une infection vundo qui en est responsable...c'est pour ça que je pose cette question, c'est juste pour en être sûr.

c est un rogue :

O4 - HKLM\..\Run: [SMrhcv8lj0ee3r] C:\Program Files\rhcv8lj0ee3r\rhcv8lj0ee3r.exe

--->un faux antivirus

oui, ca je m'en doute que c'est un rogue, il ne faut surtout pas cliquer dessus évidement, sinon c'est le début des ennuis...

voila le rapport chiquitine :

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1165
Windows 5.1.2600 Service Pack 3

17/09/2008 21:45:21
mbam-log-2008-09-17 (21-45-21).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 116087
Temps écoulé: 23 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 11
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcv8lj0ee3r (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\propriétaire\Application Data\rhcv8lj0ee3r (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\propriétaire\Application Data\rhcv8lj0ee3r\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\propriétaire\Application Data\rhcv8lj0ee3r\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\propriétaire\Application Data\rhcv8lj0ee3r\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\propriétaire\Application Data\rhcv8lj0ee3r\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\propriétaire\Application Data\rhcv8lj0ee3r\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\propriétaire\Application Data\rhcv8lj0ee3r\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\propriétaire\Application Data\rhcv8lj0ee3r\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\propriétaire\Application Data\rhcv8lj0ee3r\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\propriétaire\Application Data\rhcv8lj0ee3r\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\propriétaire\Application Data\rhcv8lj0ee3r\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\blphcr8lj0ee3r.scr (Fake.BlueScreenError) -> Quarantined and deleted successfully.
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\blphcr8lj0ee3r.scr.2 (Fake.BlueScreenError) -> Quarantined and deleted successfully.
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\blphcr8lj0ee3r.scr.3 (Fake.BlueScreenError) -> Quarantined and deleted successfully.
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\Quarantaine\blphcr8lj0ee3r.scr.4 (Fake.BlueScreenError) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcr8lj0ee3r.scr (Fake.BlueScreenError) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\lphcr8lj0ee3r.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcr8lj0ee3r.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

réouvre malewarebyte
va sur quarantaine
supprime tout

refais un scan hijackthis et post le rapport

voila j'ai delete tout ce qu'il y avait dans la quarantaines voici le rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:37, on 17/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WellPhone XT Sagem] "C:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - ?p=ZK
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartcomSCPService - Smartcom - C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :


! Déconnectes toi et fermes toutes applications en cours !

* Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( le bureau )
* Ouvre le dossier Ad-remover présent sur ton bureau, et double clique sur Ad-remover.bat.
* Au menu principal choisi l'option "A"
--> Postes le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

F --------- Logfile of AD-Remover 1.0.1.7 by C_XX ---------

START at: 22:01:59 | 17/09/2008
ON: Windows_NT (Windows XP)
OPTION: Scan
EXECUTED FROM: C:\Documents and Settings\propri‚taire\Bureau\Ad-remover\AD-Remover.bat
USER: propri‚taire | PC: 100709540323
BOOT MODE: Normal
DRIVE(S): C:\

--------- [ PROCESSES ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\WScript.exe

---------------------------- [ 33 ]


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> CHECKING SERVICES


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> REGISTRY

Found ! - "HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
Found ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
Found ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
Found ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
Found ! - "HKEY_CURRENT_USER\SOFTWARE\EoRezo"
Found ! - "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
Found ! - "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search"
Found ! - "HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
Found ! - "HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
Found ! - "HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
Found ! - "HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> FILES\FOLDERS

Found ! - "C:\Program Files\EoRezo"
Found ! - "C:\Documents and Settings\propri‚taire\Application Data\EoRezo"
Found ! - "C:\Documents and Settings\propri‚taire\Cookies\propri‚taire@mywebsearch[1].txt"
Found ! - "C:\Documents and Settings\propri‚taire\Cookies\propri‚taire@eorezo[1].txt"
Found ! - "C:\Documents and Settings\propri‚taire\Cookies\propri‚taire@eorezo[3].txt"
Found ! - "C:\Documents and Settings\propri‚taire\Cookies\propri‚taire@scache.eorezo[1].txt"
Found ! - "C:\Documents and Settings\propri‚taire\Cookies\propri‚taire@scache0.eorezo[1].txt"
Found ! - "C:\Documents and Settings\propri‚taire\Cookies\propri‚taire@scache0.eorezo[2].txt"
Found ! - "C:\Documents and Settings\propri‚taire\Cookies\propri‚taire@scache1.eorezo[1].txt"
Found ! - "C:\Documents and Settings\propri‚taire\Cookies\propri‚taire@scache1.eorezo[2].txt"
Found ! - "C:\Documents and Settings\propri‚taire\Cookies\propri‚taire@scache2.eorezo[1].txt"
Found ! - "C:\Documents and Settings\propri‚taire\Cookies\propri‚taire@scache3.eorezo[2].txt"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\bye11.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\bye21.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\bye28.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\bye2D.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\bye3D1.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\DIO10.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\DIO11.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\DIO12.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\DIO14.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\DIO15.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\DIO36.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Div56F.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\GGS6C.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\is-5Q1HI.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\is-9RDR5.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MAR10.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MAR11.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MAR12.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MAR13.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MAR2C.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MAR2D.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MAR8.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MAR9.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MARC.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MARD.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MARE.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MARF.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\mod3.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\mod44A.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\mod5B.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\mod84.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\pft13D.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\pft3B.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-1"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-10"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-11"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-12"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-13"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-14"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-15"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-16"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-17"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-18"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-19"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-2"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-20"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-21"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-22"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-23"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-24"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-25"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-26"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-27"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-28"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-29"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-3"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-30"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-31"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-32"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-33"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-34"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-35"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-36"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-37"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-38"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-39"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-4"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-40"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-41"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-42"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-43"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-44"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-45"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-46"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-47"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-48"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-49"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-5"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-50"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-51"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-52"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-53"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-54"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-55"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-56"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-57"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-58"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-59"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-6"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-60"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-61"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-62"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-63"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-64"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-65"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-66"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-67"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-68"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-69"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-7"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-70"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-71"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-8"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-9"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Set42.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\TDSS8627.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\tmp33718.WMC"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF41BD.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF4ECF.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF57BE.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF8A2D.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF8C4D.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DFD56A.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DFDEB8.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DFEB4C.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DFF592.tmp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ff_temp"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\R‚pertoire temporaire 1 pour viruskeeper2008pro.zip"
Found ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\TempFolder.aaa"
Found ! - "C:\WINDOWS\temp\IXP00786.tmp"
Found ! - "C:\WINDOWS\temp\IXP00D08.tmp"
Found ! - "C:\WINDOWS\temp\ZAP1.tmp"
Found ! - "C:\WINDOWS\temp\ZAP10.tmp"
Found ! - "C:\WINDOWS\temp\ZAP11.tmp"
Found ! - "C:\WINDOWS\temp\ZAP12.tmp"
Found ! - "C:\WINDOWS\temp\ZAP13.tmp"
Found ! - "C:\WINDOWS\temp\ZAP14.tmp"
Found ! - "C:\WINDOWS\temp\ZAP15.tmp"
Found ! - "C:\WINDOWS\temp\ZAP17.tmp"
Found ! - "C:\WINDOWS\temp\ZAP2.tmp"
Found ! - "C:\WINDOWS\temp\ZAP23B.tmp"
Found ! - "C:\WINDOWS\temp\ZAP29.tmp"
Found ! - "C:\WINDOWS\temp\ZAP2A.tmp"
Found ! - "C:\WINDOWS\temp\ZAP2B.tmp"
Found ! - "C:\WINDOWS\temp\ZAP3.tmp"
Found ! - "C:\WINDOWS\temp\ZAP381.tmp"
Found ! - "C:\WINDOWS\temp\ZAP4.tmp"
Found ! - "C:\WINDOWS\temp\ZAP5.tmp"
Found ! - "C:\WINDOWS\temp\ZAP6.tmp"
Found ! - "C:\WINDOWS\temp\ZAP7.tmp"
Found ! - "C:\WINDOWS\temp\ZAP8.tmp"
Found ! - "C:\WINDOWS\temp\ZAP9.tmp"
Found ! - "C:\WINDOWS\temp\ZAPA.tmp"
Found ! - "C:\WINDOWS\temp\ZAPB.tmp"
Found ! - "C:\WINDOWS\temp\ZAPC.tmp"
Found ! - "C:\WINDOWS\temp\ZAPD.tmp"
Found ! - "C:\WINDOWS\temp\ZAPE.tmp"
Found ! - "C:\WINDOWS\temp\ZAPF.tmp"
Found ! - "C:\WINDOWS\temp\Fichiers Internet temporaires"
Found ! - "C:\WINDOWS\temp\Temporary Internet Files"
Found ! - "C:\WINDOWS\temp\TempRec"

+---- Scanning prefs.js ... ( # Mozilla User Preferences ) ----+

C:\Documents and Settings\propri‚taire\Application Data\Mozilla\Firefox\Profiles\1ct98dvc.default\prefs.js :

STARTPAGE: "http://www.lo.st"

+-----+


+--------------------------------------------------------------+


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> [ EOF - 239 lines ]

[ END at: 22:02:28 | 17/09/2008 ] - [ Time elapsed: 29.7 seconds ]

! Déconnectes toi et fermes toutes applications en cours !

* Relances "Ad-remover" : au menu principal choisi l'option "B" .

--> le programme va travailler ...

* Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ...

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\

F --------- Logfile of AD-Remover 1.0.1.7 by C_XX ---------

START at: 22:10:08 | 17/09/2008
ON: Windows_NT (Windows XP)
OPTION: Clean
EXECUTED FROM: C:\Documents and Settings\propri‚taire\Bureau\Ad-remover\AD-Remover.bat
USER: propri‚taire | PC: 100709540323
BOOT MODE: Normal
DRIVE(S): C:\


--------- [ PROCESSES ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\WScript.exe

---------------------------- [ 37 ]


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> CHECKING SERVICES


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> REGISTRY

Deleted ! - "HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
Deleted ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
Deleted ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
Deleted ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
Deleted ! - "HKEY_CURRENT_USER\SOFTWARE\EoRezo"
Deleted ! - "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
Deleted ! - "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search"
Deleted ! - "HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
Deleted ! - "HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
Deleted ! - "HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
Deleted ! - "HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> FILES\FOLDERS

Deleted ! - "C:\Program Files\EoRezo"
Deleted ! - "C:\Documents and Settings\propri‚taire\Application Data\EoRezo"
Deleted ! - "C:\Documents and Settings\propri‚taire\Cookies\propri‚taire@mywebsearch[1].txt"
Deleted ! - "C:\Documents and Settings\propri‚taire\Cookies\propri‚taire@eorezo[1].txt"
Deleted ! - "C:\Documents and Settings\propri‚taire\Cookies\propri‚taire@eorezo[3].txt"
Deleted ! - "C:\Documents and Settings\propri‚taire\Cookies\propri‚taire@scache.eorezo[1].txt"
Deleted ! - "C:\Documents and Settings\propri‚taire\Cookies\propri‚taire@scache0.eorezo[1].txt"
Deleted ! - "C:\Documents and Settings\propri‚taire\Cookies\propri‚taire@scache0.eorezo[2].txt"
Deleted ! - "C:\Documents and Settings\propri‚taire\Cookies\propri‚taire@scache1.eorezo[1].txt"
Deleted ! - "C:\Documents and Settings\propri‚taire\Cookies\propri‚taire@scache1.eorezo[2].txt"
Deleted ! - "C:\Documents and Settings\propri‚taire\Cookies\propri‚taire@scache2.eorezo[1].txt"
Deleted ! - "C:\Documents and Settings\propri‚taire\Cookies\propri‚taire@scache3.eorezo[2].txt"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\bye11.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\bye21.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\bye28.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\bye2D.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\bye3D1.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\DIO10.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\DIO11.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\DIO12.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\DIO14.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\DIO15.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\DIO36.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Div56F.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\GGS6C.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\is-5Q1HI.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\is-9RDR5.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MAR10.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MAR11.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MAR12.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MAR13.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MAR2C.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MAR2D.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MAR8.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MAR9.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MARC.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MARD.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MARE.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\MARF.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\mod3.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\mod44A.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\mod5B.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\mod84.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\pft13D.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\pft3B.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-1"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-10"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-11"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-12"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-13"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-14"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-15"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-16"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-17"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-18"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-19"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-2"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-20"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-21"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-22"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-23"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-24"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-25"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-26"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-27"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-28"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-29"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-3"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-30"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-31"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-32"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-33"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-34"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-35"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-36"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-37"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-38"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-39"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-4"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-40"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-41"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-42"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-43"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-44"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-45"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-46"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-47"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-48"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-49"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-5"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-50"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-51"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-52"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-53"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-54"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-55"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-56"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-57"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-58"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-59"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-6"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-60"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-61"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-62"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-63"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-64"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-65"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-66"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-67"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-68"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-69"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-7"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-70"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-71"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-8"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\plugtmp-9"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Set42.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\TDSS8627.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\tmp33718.WMC"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF41BD.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF4ECF.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF57BE.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF8A2D.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF8C4D.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DFD56A.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DFDEB8.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DFEB4C.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DFF592.tmp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ff_temp"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\R‚pertoire temporaire 1 pour viruskeeper2008pro.zip"
Deleted ! - "C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\TempFolder.aaa"
Deleted ! - "C:\WINDOWS\temp\IXP00786.tmp"
Deleted ! - "C:\WINDOWS\temp\IXP00D08.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP1.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP10.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP11.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP12.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP13.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP14.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP15.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP17.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP2.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP23B.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP29.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP2A.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP2B.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP3.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP381.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP4.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP5.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP6.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP7.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP8.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAP9.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAPA.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAPB.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAPC.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAPD.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAPE.tmp"
Deleted ! - "C:\WINDOWS\temp\ZAPF.tmp"
Deleted ! - "C:\WINDOWS\temp\Fichiers Internet temporaires"
Deleted ! - "C:\WINDOWS\temp\Temporary Internet Files"
Deleted ! - "C:\WINDOWS\temp\TempRec"


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> [ EOF - 234 lines ]

[ END at: 22:15:59 | 17/09/2008 ] - [ Time elapsed: 5 minutes, 50 seconds ]


Hijackthis ::

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:51, on 17/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WellPhone XT Sagem] "C:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartcomSCPService - Smartcom - C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

Supprime AD-REMOVER

réouvre hijackthis
fais scan only
coches ces lignes :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

tu les coches et tu clic sur fix checked


ensuite :

-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):


http://download.piriform.com/ccsetup210.exe

http://www.01net.com/...

-> Tuto : http://www.malekal.com/tutorial_CCleaner.php


ensuite : désinstal java car pas a jours et telecharge et instal cette version

ensuite:

* pour supprimer les outils/fix utilisés :

Télécharge ToolsCleaner sur ton bureau.
-->
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/TC/ToolsCleaner2.exe

# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


Désactive et réactive ta restauration system :

(1) Désactiver la Restauration du système

cliques sur Démarrer
Cliques droit sur Poste de travail
cliques sur Propriétés
Cliques sur l'onglet Restauration du système
Coches Désactiver la Restauration du système sur tous les lecteurs
Cliques sur Appliquer, Lorsque le message de confirmation apparaît,
cliques sur Oui.
Cliques sur OK.


(2) Activer la Restauration du système


cliques sur Démarrer
Cliques droit sur Poste de travail
cliques sur Propriétés
Cliques sur l'onglet Restauration du système
Décoches Désactiver la Restauration du système sur tous les lecteurs
Cliques sur Appliquer, Lorsque le message de confirmation apparaît,
cliques sur Oui.
Cliques sur OK.


Tuto xp : http://service1.symantec.com/...

chiquitine merci de m'avoir accorder du temps je fini ce que tu ma dit de faire c un peu long :) mais jt'envoi sa

ok pas de soucis

[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\propriétaire\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\propriétaire\Mes documents\HJTInstall.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\propriétaire\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\propriétaire\Mes documents\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Corbeille vidée!

si tu n as pas d autres soucis change le statut du sujet en resolu stp

http://www.commentcamarche.net/faq/sujet 11365 marquer un fil de discussion comme etant resolu

Il y a pas les case pour que je coches résolu ???

ah t es pas inscrit c est pour ça, c est pas grave

@+++

@++++++++++++ et GRAND MERCI !!!!!!!!!!!!!