gaelle2805

Voici le rapport de Delfix : # DelFix v7.5 - Rapport créé le 18/03/2011 à 17:32 # Mis à jour le 15/03/11 à 16h30 par Xplode # Système d'exploitation : Windows Vista Home Basic (32 bits) [version 6.0.6002] Service Pack 2 # Nom d'utilisateur : Gaëlle - PC-SOUS-SOL (Administrateur) # Exécuté depuis : E:\Documents and Settings\Gaëlle\Mes documents\DelFix.exe # Option [suppression] ~~~~~~ Dossier(s) ~~~~~~ Supprimé : C:\Program Files\Ad-Remover Supprimé : C:\Program Files\ZHPDiag Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP ~~~~~~ Fichier(s) ~~~~~~ Supprimé : C:\Ad-Report-CLEAN[1].txt Supprimé : C:\ZHPExportRegistry-16-03-2011-10-38-37.txt Supprimé : C:\Users\Gaëlle\Desktop\AD-R - Raccourci.lnk Supprimé : C:\Users\Gaëlle\Desktop\AD-R.lnk Supprimé : C:\Users\Gaëlle\Desktop\ZHPDiag.txt Supprimé : C:\Users\Gaëlle\Desktop\ZHPDiag2.exe Supprimé : C:\Users\Gaëlle\Desktop\ZHPFixReport.txt Supprimé : C:\Users\Public\Desktop\ZHPDiag.lnk Supprimé : C:\Users\Public\Desktop\ZHPFix.lnk Supprimé : C:\Users\Public\Desktop\MBRCheck.lnk ~~~~~~ Registre ~~~~~~ Clé Supprimée : HKCU\SOFTWARE\Ad-Remover Clé Supprimée : HKLM\Software\TrendMicro\Hijackthis Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1 Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe ~~~~~~ Autre ~~~~~~ -> Prefetch vidé ########## EOF - "C:\DelFixSuppr.txt" - [1685 octets] ########## J'ai bien fait le nouveau point de restauration. Et mes page internet ne sont plus détournées. Merci pour tout Bernard. Au revoir. Je ne te dis pas à bientôt sinon ça voudrait dire que j'ai encore des problèmes. Au revoir.

Bonjour J'ai effectué les manips sur les navigateurs et pour l'instant tout a l'air de marcher convenablement. J'espère que c'est la bonne cette fois. Donc si on a fini que dois-je supprimer ou garder comme logiciels ? Merci pour tout Bernard.

Désolée mais je me suis réjouie trop vite. Ma page pour venir sur zebulon a encore été détournée par adds by qualityadds, je ne suis pas sûre du nom exact mais c'est dans le genre. Donc les problèmes continuent. Que faire s'il te plait ?

A première vue je dois dire que mes pages de navigation sont conformes à ce que je veux. Tout semble être rentré dans l'ordre. Pour ce qui est des programmes que tu m'as fait installer, lesquels puis-je supprimer ? Lesquels dois-je garder ? Je te remercie beaucoup de ton aide et de ta rapidité de réponse. Bonne journée.

Bonjour Bernard, Voici le rapport ZHPFix mais il ne m'a pas demandé de redémarrer. Rapport de ZHPFix 1.12.3260 par Nicolas Coolman, Update du 11/03/2011 Fichier d'export Registre : C:\ZHPExportRegistry-16-03-2011-10-38-37.txt Run by Gaëlle at 16/03/2011 10:38:37 Windows Vista Home Basic Edition, 32-bit Service Pack 2 (Build 6002) Web site : ZHPFix Fix de rapport Contact : nicolascoolman@yahoo.fr ========== Clé(s) du Registre ========== O23 - Service: (KMService) . (...) - C:\Windows\system32\srvany.exe => Clé supprimée avec succès O23 - Service: (Microsoft SharePoint Workspace Audit Service) - Clé orpheline => Clé supprimée avec succès O23 - Service: (NMIndexingService) - Clé orpheline => Clé supprimée avec succès O64 - Services: CurCS - C:\Users\Emmanuel\AppData\Local\Temp\nenum13E.sys (.not file.) - nenum13E (nenum13E) .(...) - LEGACY_NENUM13E => Clé supprimée avec succès SS - | Auto 18/04/2003 8192 | (KMService) . (...) - C:\Windows\system32\srvany.exe => Clé absente ========== Valeur(s) du Registre ========== FirewallRaz : Aucune valeur présente dans la clé de registre "Standard Profile" FirewallRaz : Aucune valeur présente dans la clé de registre "Domain Profile" FirewallRaz (Private) : TCP Query User{F042BF7D-23CB-481A-9C00-67964F390D65}C:\program files\nero\nero8\nero showtime\showtime.exe => Valeur supprimée avec succès FirewallRaz (Private) : UDP Query User{8FF46A00-8D20-4C7A-AF63-DEF3FB42C3A2}C:\program files\nero\nero8\nero showtime\showtime.exe => Valeur supprimée avec succès FirewallRaz (Private) : TCP Query User{63AD09EF-4FEF-46D1-86A1-3C16D0850807}C:\program files\nero\nero 9\nero showtime\showtime.exe => Valeur supprimée avec succès FirewallRaz (Private) : UDP Query User{9960FBEF-9C3B-4114-A6CC-EE0573459A45}C:\program files\nero\nero 9\nero showtime\showtime.exe => Valeur supprimée avec succès FirewallRaz (Private) : TCP Query User{EF622C78-3159-459B-93A7-2419C5548D8F}C:\program files\limewire\limewire.exe => Valeur supprimée avec succès FirewallRaz (Private) : UDP Query User{8CC9C16B-2F92-445B-8C34-24FDC04DD736}C:\program files\limewire\limewire.exe => Valeur supprimée avec succès FirewallRaz (Private) : TCP Query User{09523A1F-3A1D-4DB8-8B6D-A8372BFE357E}C:\program files\nero\nero8\nero home\nerohome.exe => Valeur supprimée avec succès FirewallRaz (Private) : UDP Query User{CCD4D668-E408-4E5A-B1A7-B683E902C926}C:\program files\nero\nero8\nero home\nerohome.exe => Valeur supprimée avec succès FirewallRaz (Private) : TCP Query User{96DFF4F6-1178-459A-8ADB-3611631CB050}C:\program files\ea sports\f1 challenge 99-02\f1 challenge 99-02.exe => Valeur supprimée avec succès FirewallRaz (Private) : UDP Query User{153FD088-CECC-47E6-ABA2-D328744A845B}C:\program files\ea sports\f1 challenge 99-02\f1 challenge 99-02.exe => Valeur supprimée avec succès FirewallRaz (Private) : {21728BD5-F293-40DC-8F65-67F3FD85A886} => Valeur supprimée avec succès FirewallRaz (Private) : {4D5ECDAF-76CC-4623-8AEF-99B15EAB97F7} => Valeur supprimée avec succès FirewallRaz (Private) : {BAEC3CA1-FC57-48D6-A46E-C38F33C5A6BB} => Valeur supprimée avec succès FirewallRaz (Private) : {79BAC3DC-2FFF-4678-B31A-7069AA944FA2} => Valeur supprimée avec succès FirewallRaz (Private) : TCP Query User{929DDB58-FA75-4CE6-B423-40357AC0A7D6}C:\program files\ea games\need for speed most wanted\speed.exe => Valeur supprimée avec succès FirewallRaz (Private) : UDP Query User{C9729DD4-C1EF-4076-B273-7AA2286F90D0}C:\program files\ea games\need for speed most wanted\speed.exe => Valeur supprimée avec succès FirewallRaz (None) : {587B827F-DD11-49A2-828C-8C60A372892B} => Valeur supprimée avec succès FirewallRaz (Private) : TCP Query User{E2B44EC8-E1DF-4CBF-8006-075352DDE7D5}C:\users\gaëlle\appdata\local\temp\kmsact\pack\keygen\keygen.exe => Valeur supprimée avec succès FirewallRaz (Private) : UDP Query User{44002004-3B37-41FE-B4DB-9ABF085A5FC4}C:\users\gaëlle\appdata\local\temp\kmsact\pack\keygen\keygen.exe => Valeur supprimée avec succès ========== Dossier(s) ========== Dossiers temporaires Windows supprimés: 88 ========== Fichier(s) ========== Fichiers temporaires Windows supprimés : 2024 ========== Récapitulatif ========== 5 : Clé(s) du Registre 21 : Valeur(s) du Registre 1 : Dossier(s) 1 : Fichier(s) End of the scan

Rebonsoir Voici enfin le rapport zhpdiag à l'adresse ci-dessous : Cliquez ici. Merci

Bonsoir Voici le rapport malwarebytes pendant que je fais la dernière manip indiquée. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Version de la base de données: 6067 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 15/03/2011 18:57:30 mbam-log-2011-03-15 (18-57-30).txt Type d'examen: Examen complet (C:\|D:\|E:\|) Elément(s) analysé(s): 374289 Temps écoulé: 1 heure(s), 28 minute(s), 37 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 16 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 11 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\CLSID\{01677B4B-0610-4814-94A0-5F570DD7A88F} (Trojan.SearchRedir.G) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{A5B0779F-0A3E-482E-BB31-B7B871599F60} (Trojan.SearchRedir.G) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{AEF427E4-B0D8-4457-B437-C72F0921FE39} (Trojan.SearchRedir.G) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\GooglePlusVideos.BHOBridge.1 (Trojan.SearchRedir.G) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\GooglePlusVideos.BHOBridge (Trojan.SearchRedir.G) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01677B4B-0610-4814-94A0-5F570DD7A88F} (Trojan.SearchRedir.G) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01677B4B-0610-4814-94A0-5F570DD7A88F} (Trojan.SearchRedir.G) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01677B4B-0610-4814-94A0-5F570DD7A88F} (Trojan.SearchRedir.G) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2EA256ED-74B3-4322-B1E0-53D00C693E6E} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{EE53711B-0711-4999-88F0-33DC043623B1} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{78FF2F80-613A-47d7-8871-912B1236F704} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78FF2F80-613A-47D7-8871-912B1236F704} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78FF2F80-613A-47D7-8871-912B1236F704} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78FF2F80-613A-47D7-8871-912B1236F704} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): c:\program files\googleplusvideos\23.googleplusvideos.dll (Trojan.SearchRedir.G) -> Quarantined and deleted successfully. c:\program files\ad-remover\quarantine\C\program files\easysearch\BHO\7.supersearch.dll.vir (Adware.SuperSearch) -> Quarantined and deleted successfully. c:\program files\ad-remover\quarantine\C\program files\Fun4IM\bandoo.exe.vir (Adware.Bandoo) -> Quarantined and deleted successfully. c:\program files\ad-remover\quarantine\C\program files\Fun4IM\bndcore.exe.vir (Adware.Bandoo) -> Quarantined and deleted successfully. c:\program files\ad-remover\quarantine\C\program files\Fun4IM\extensionsmanager.exe.vir (Adware.Bandoo) -> Quarantined and deleted successfully. c:\program files\ad-remover\quarantine\C\program files\mozilla firefox\components\supersearchxpcom.dll.vir (Adware.SuperSearch) -> Quarantined and deleted successfully. c:\Users\Emmanuel\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\2ACNHX55\14.supersearch[1].dll (Adware.SuperSearch) -> Quarantined and deleted successfully. c:\Users\Emmanuel\downloads\x3codec-1.5.0.0-setup(2).exe (Adware.Agent) -> Quarantined and deleted successfully. c:\Windows\System32\sncdelsgnzwdvzm.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\program files\mozilla firefox\components\isupersearchxpcom.xpt (Adware.SuperSearch) -> Quarantined and deleted successfully. c:\program files\mozilla firefox\extensions\supersearch@supersearch.com (Adware.SuperSearch) -> Quarantined and deleted successfully.

Bonjour Bernard Tout d'abord merci de ton aide. Voici le rapport ad remover : ======= RAPPORT D'AD-REMOVER 2.0.0.2,F | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 01/03/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: TeamXscript : AD-Remover - FindyKill - UsbFix - SEAF C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 17:12:24 le 15/03/2011, Mode normal Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2 (X86) Gaëlle@PC-SOUS-SOL (System manufacturer System Product Name) ============== ACTION(S) ============== Service: "Fun4IM Coordinator" Stoppé et supprimé Fichier supprimé: C:\Program Files\Mozilla FireFox\Components\SuperSearchXPCOM.dll Fichier supprimé: C:\Program Files\Mozilla FireFox\searchplugins\SearchquWebSearch.xml Dossier supprimé: C:\Program Files\Windows Searchqu Toolbar Dossier supprimé: C:\Users\Gaëlle\AppData\Roaming\Mozilla\FireFox\Profiles\rq87jzrq.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020} Dossier supprimé: C:\Users\Gaëlle\AppData\Roaming\Mozilla\FireFox\Profiles\rq87jzrq.default\searchqutb Dossier supprimé: C:\Users\Armand\AppData\Roaming\Mozilla\FireFox\Profiles\p1ovgyus.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020} Dossier supprimé: C:\Users\Armand\AppData\Roaming\Mozilla\FireFox\Profiles\p1ovgyus.default\searchqutb Dossier supprimé: C:\Users\Emmanuel\AppData\Roaming\Mozilla\FireFox\Profiles\r235uvk0.default\extensions\firefox@bandoo.com Dossier supprimé: C:\Users\Emmanuel\AppData\Roaming\Mozilla\FireFox\Profiles\r235uvk0.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020} Dossier supprimé: C:\Users\Emmanuel\AppData\Roaming\Mozilla\FireFox\Profiles\r235uvk0.default\searchqutb Fichier supprimé: C:\Users\Emmanuel\AppData\Roaming\Mozilla\FireFox\Profiles\r235uvk0.default\searchplugins\SearchquWebSearch.xml Dossier supprimé: C:\Users\Gaëlle\AppData\Roaming\Bandoo Dossier supprimé: C:\Users\Emmanuel\AppData\Roaming\Bandoo Dossier supprimé: C:\ProgramData\Bandoo Dossier supprimé: C:\ProgramData\Fun4IM Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fun4IM Dossier supprimé: C:\Program Files\Fun4IM Dossier supprimé: C:\Users\Gaëlle\AppData\LocalLow\SearchquTB Dossier supprimé: C:\Program Files\EasySearch (!) -- Fichiers temporaires supprimés. -- Fichier ouvert: C:\Users\Gaëlle\AppData\Roaming\Mozilla\FireFox\Profiles\rq87jzrq.default\Prefs.js -- Ligne supprimée: user_pref("keyword.URL", "hxxp://www.searchqu.com/web?src=ffb&systemid=403&q="); -- Fichier Fermé -- -- Fichier ouvert: C:\Users\Armand\AppData\Roaming\Mozilla\FireFox\Profiles\p1ovgyus.default\Prefs.js -- Ligne supprimée: user_pref("extensions.enabledItems", "googleplusvideos@googleplusvideos.com:1.0,search@searchsetting... -- Fichier Fermé -- -- Fichier ouvert: C:\Users\Emmanuel\AppData\Roaming\Mozilla\FireFox\Profiles\r235uvk0.default\Prefs.js -- Ligne supprimée: user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/403"); Ligne supprimée: user_pref("keyword.URL", "hxxp://www.searchqu.com/web?src=ffb&systemid=403&q="); -- Fichier Fermé -- Clé supprimée: HKLM\Software\Classes\CLSID\{074E4EFE-81BB-4EA4-866E-082CB0E01070} Clé supprimée: HKLM\Software\Classes\AppID\{EDE2C296-2458-4E3B-A846-4B512C0703B5} Clé supprimée: HKLM\Software\Classes\CLSID\{0CE5B352-9D9C-41E1-9551-FCCD92820217} Clé supprimée: HKLM\Software\Classes\CLSID\{167B2B5F-2757-434A-BBDA-2FDB2003F14F} Clé supprimée: HKLM\Software\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E} Clé supprimée: HKLM\Software\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644} Clé supprimée: HKLM\Software\Classes\CLSID\{2E9A60EA-5554-49C3-BC9D-D0404DBACC62} Clé supprimée: HKLM\Software\Classes\CLSID\{3E63C9BC-DD51-4E83-ABA6-B350EAD28531} Clé supprimée: HKLM\Software\Classes\CLSID\{44CFFEF4-E7E1-44BD-B1F5-29F828ADA1B8} Clé supprimée: HKLM\Software\Classes\CLSID\{476A6578-5D4D-8C6F-C683-2702AAF069A6} Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{476A6578-5D4D-8C6F-C683-2702AAF069A6} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{476A6578-5D4D-8C6F-C683-2702AAF069A6} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{476A6578-5D4D-8C6F-C683-2702AAF069A6} Clé supprimée: HKLM\Software\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020} Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7FF99715-3016-4381-84CE-E4E4C9673020} Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FF99715-3016-4381-84CE-E4E4C9673020} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020} Clé supprimée: HKLM\Software\Classes\CLSID\{872F3C0B-4462-424c-BB9F-74C6899B9F92} Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424c-BB9F-74C6899B9F92} Clé supprimée: HKLM\Software\Classes\AppID\{9C123289-82E1-4da7-A3C2-B8D28AAD114B} Clé supprimée: HKLM\Software\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C} Clé supprimée: HKLM\Software\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C} Clé supprimée: HKLM\Software\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB} Clé supprimée: HKLM\Software\Classes\CLSID\{CE1CB632-6817-47b3-8587-D05AF75D6D5A} Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CE1CB632-6817-47b3-8587-D05AF75D6D5A} Clé supprimée: HKLM\Software\Classes\AppID\{3AD7A5B6-610D-4A82-979E-0AED20920690} Clé supprimée: HKLM\Software\Classes\CLSID\{EB5CEE80-030A-4ED8-8E20-454E9C68380F} Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB5CEE80-030A-4ED8-8E20-454E9C68380F} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB5CEE80-030A-4ED8-8E20-454E9C68380F} Clé supprimée: HKLM\Software\Classes\CLSID\{EF2B6317-C367-401B-83B8-80302D6588A7} Clé supprimée: HKLM\Software\Classes\CLSID\{F5379B4B-24D8-432A-9A96-BE75EE5117DB} Clé supprimée: HKLM\Software\Classes\CLSID\{F7FB2BC4-6C27-4EAC-B5E2-037B71FDE101} Clé supprimée: HKLM\Software\Classes\CLSID\{FD53FE35-4368-4B71-89D6-F29F3DB29DF1} Clé supprimée: HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393} Clé supprimée: HKLM\Software\Classes\Interface\{33DDFC61-F531-4982-8C32-4212B7835D44} Clé supprimée: HKLM\Software\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84} Clé supprimée: HKLM\Software\Classes\Interface\{48C9E279-C48C-48C1-9AFC-E4E9E5E5E350} Clé supprimée: HKLM\Software\Classes\Interface\{5106ED5C-7245-4F5A-ABCA-67B0C15333D2} Clé supprimée: HKLM\Software\Classes\Interface\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B} Clé supprimée: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Clé supprimée: HKLM\Software\Classes\Interface\{8203FEE5-918A-43C5-BFE0-34B4159FD2E4} Clé supprimée: HKLM\Software\Classes\Interface\{83369246-C6EF-4138-982A-664A62B463E4} Clé supprimée: HKLM\Software\Classes\Interface\{956999E9-A0BE-48C9-9BCC-5A7D3E31BF97} Clé supprimée: HKLM\Software\Classes\Interface\{99E0EEE5-14C5-46D3-878B-7DA2663E1A92} Clé supprimée: HKLM\Software\Classes\Interface\{A9005ED5-4A1D-4606-A4DF-1A25E7D7B417} Clé supprimée: HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Clé supprimée: HKLM\Software\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32} Clé supprimée: HKLM\Software\Classes\TypeLib\{3AD7A5B6-610D-4A82-979E-0AED20920690} Clé supprimée: HKLM\Software\Classes\TypeLib\{4410C118-B23C-406C-9F52-9CDABD90A5EA} Clé supprimée: HKLM\Software\Classes\TypeLib\{62E5C9E1-A0E8-4F8C-8EAF-0F9250CC5786} Clé supprimée: HKLM\Software\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971} Clé supprimée: HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2} Clé supprimée: HKLM\Software\Classes\TypeLib\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B} Clé supprimée: HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} Clé supprimée: HKLM\Software\Classes\BandooCoordinator.BandooCoordinator Clé supprimée: HKLM\Software\Classes\BandooCoordinator.BandooCoordinator.1 Clé supprimée: HKLM\Software\Classes\BandooCoordinator.CoordinatorUI Clé supprimée: HKLM\Software\Classes\BandooCoordinator.CoordinatorUI.1 Clé supprimée: HKLM\Software\Classes\BandooCoordinator.HTTPAsyncResult Clé supprimée: HKLM\Software\Classes\BandooCoordinator.HTTPAsyncResult.1 Clé supprimée: HKLM\Software\Classes\BandooCoordinator.PlugInNotifier Clé supprimée: HKLM\Software\Classes\BandooCoordinator.PlugInNotifier.1 Clé supprimée: HKLM\Software\Classes\BandooCore.BandooCore Clé supprimée: HKLM\Software\Classes\BandooCore.BandooCore.1 Clé supprimée: HKLM\Software\Classes\BandooCore.ResourcesMngr Clé supprimée: HKLM\Software\Classes\BandooCore.ResourcesMngr.1 Clé supprimée: HKLM\Software\Classes\BandooCore.SettingsMngr Clé supprimée: HKLM\Software\Classes\BandooCore.SettingsMngr.1 Clé supprimée: HKLM\Software\Classes\BandooCore.StatisticMngr Clé supprimée: HKLM\Software\Classes\BandooCore.StatisticMngr.1 Clé supprimée: HKLM\Software\Classes\BandooIEPlugin.BandooIEPlugin Clé supprimée: HKLM\Software\Classes\BandooIEPlugin.BandooIEPlugin.1 Clé supprimée: HKLM\Software\Classes\BFlashAnimator.BFlashAnimatorCtrl Clé supprimée: HKLM\Software\Classes\BFlashAnimator.BFlashAnimatorCtrl.1 Clé supprimée: HKLM\Software\Classes\BGIFAnimator.BGIFAnimatorCtrl Clé supprimée: HKLM\Software\Classes\BGIFAnimator.BGIFAnimatorCtrl.1 Clé supprimée: HKLM\Software\Classes\SuperSearch.BHOBridge Clé supprimée: HKLM\Software\Classes\SuperSearch.BHOBridge.1 Clé supprimée: HKLM\Software\Classes\SuperSearch.SuperSearchFirefoxMgr Clé supprimée: HKLM\Software\Classes\SuperSearch.SuperSearchFirefoxMgr.1 Clé supprimée: HKLM\Software\Classes\AppID\BandooCoordinator.EXE Clé supprimée: HKLM\Software\Classes\AppID\BandooCore.EXE Clé supprimée: HKLM\Software\SearchquMediabarTb Clé supprimée: HKLM\Software\bandoo Clé supprimée: HKLM\Software\EoRezo Clé supprimée: HKLM\Software\DataMngr Clé supprimée: HKCU\Software\EoRezo Clé supprimée: HKCU\Software\DataMngr Clé supprimée: HKCU\Software\AppDataLow\Software\searchqutb Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7403} Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC} Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12} Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu MediaBar Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bandoo Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu MediaBar Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B69A9DB4-D0A1-4722-B56B-F20757A29CDF} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DataMngr Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{7FF99715-3016-4381-84CE-E4E4C9673020} ============== SCAN ADDITIONNEL ============== **** Mozilla Firefox Version [3.6.15 (fr)] **** Plugins\libdivx.dll (The OpenSSL Project, http://www.openssl.org/) Plugins\npdivx32.dll (DivX,Inc.) Plugins\ssldivx.dll (The OpenSSL Project, http://www.openssl.org/) Searchplugins\SiteVacuum.xml (<SearchPlugin xmlns=hxxp://www.mozilla.org/2006/browser/search/<ShortNameGoogle Search</ShortName<DescriptionGoogle Search</Description<InputEncodingUTF-8</InputEncoding<Image width=16 height=16data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAMAAAAoLQ9TAAAABGdBTUEAALGPC/xhBQAAAwBQTFRFAAAAAUbWAUfbAUnfE1PZE1TeAU3jCk/gA1TlClPkCVjmD1zmE1bhEFjlE13lHmboKGrlMWvlP3jlVYLhVYLkVYPnWIXkWInobZHjapXrdpvpgKLq////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+iJwJgAAAQB0Uk5T////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////AFP3ByUAAAAJcEhZcwAADsAAAA7AAWrWiQkAAAAYdEVYdFNvZnR3YXJlAFBhaW50Lk5FVCB2My4zNTDus58AAABrSURBVChTdY9JEoAgDARR3HBF3HX+/00NagStcm7pdMFE7J+IPzDb2OVtjBuAdXyAWQAJTIYNTXsC0AxqSBvUDlzGA7LmBEXOhkoq2quEfylla59IuUccDq4vFYuC3usvaO78e8h4zXyLcw4at7Hur4NtIQAAAABJRU5ErkJggg==</Image<Url type=application/x-suggestions+json method=GET template=hxxp://suggestqueries.google.com/complete/search?output=firefox&client=firefox&qu={searchTerms}/hxxp://www.google.fr/cse<Param name=cx value=partner-pub-8885210189291163:gzeiy7-8f3l/<Param name=hl value=fr/<Param name=ie value=UTF-8/<Param name=oe value=UTF-8/<Param name=sa value=Search/<Param name=q value={searchTerms}/<!-- Dynamic parameters --<MozParam name=client condition=defaultEngine trueValue=firefox-a falseValue=firefox/</Url<SearchFormhxxp://www.easypowersearch.com/Results.aspx</SearchForm</SearchPlugin) Components\GooglePlusVideosXPCOM.dll (?) Extensions\{fa4b0e7e-fc37-2821-bd2b-b78855e8e828} (z) HKCU_Extensions|firefox@bandoo.com - C:\Users\Gaëlle\AppData\Roaming\Mozilla\Firefox\Profiles/r235uvk0.default\extensions\firefox@bandoo.com (x) -- C:\Users\Gaëlle\AppData\Roaming\Mozilla\FireFox\Profiles\rq87jzrq.default -- Extensions\ConsumerInput@Compete (Consumer Input) Extensions\OberonGameHost@OberonGames.com (Oberon Game Host) Extensions\team.ustart@gmail.com (Add to uStart) Extensions\{0e10f3d7-07f6-4f12-97b9-9b27e07139a5} (Netcraft Anti-Phishing Toolbar) Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} (BetterPrivacy) Searchplugins\ustart.xml (?) Prefs.js - browser.download.dir, E:\\Documents and Settings\\Gaëlle\\Mes documents Prefs.js - browser.download.lastDir, E:\\Documents and Settings\\Amandine\\Mes documents\\Collège\\Diaporama Ostéopathe Prefs.js - browser.startup.homepage, hxxp://www.orange.fr Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.15 -- C:\Users\Armand\AppData\Roaming\Mozilla\FireFox\Profiles\p1ovgyus.default -- Extensions\staged-xpis (?) -- C:\Users\Emmanuel\AppData\Roaming\Mozilla\FireFox\Profiles\r235uvk0.default -- Prefs.js - browser.download.lastDir, E:\\Documents and Settings\\Public\\foo fighter Prefs.js - browser.search.selectedEngine, Web Search Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.12 Prefs.js - browser.search.defaultenginename, Web Search ======================================== **** Internet Explorer Version [8.0.6001.19019] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_ElevationPolicy\{07E50496-26A2-4C6B-B479-F923296181BC} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{0892E4E9-F64D-4ED3-8E68-B34AE40BB6A9} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{0CEAF3CC-F236-4DCF-B49A-DBC92067EBC2} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{156F79AB-C27D-418E-B91D-B14F5567F880} - C:\Program Files\OpenOffice.org 3\program\swriter.exe (?) HKCU_ElevationPolicy\{164A2524-8992-4A18-A694-E76C24C0FA03} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{1B712DBB-FD99-4AFB-841D-5BC2A188A4D6} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{227E7FD8-DE34-422A-8551-247DD04A01FB} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{2563BEEC-21E6-4219-9814-35D3CA96B9FD} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{2700BD6E-9544-4487-ABD0-B26873105ECC} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{30C86665-ABE9-41BC-ABDC-FF2BBD79D8FF} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{3501E47B-4735-4939-8B75-67A17C34B47F} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{373F9168-7A28-4B75-99E5-2B51BE7ACDF9} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{3ABAD984-AF64-41ED-AF26-9CA980C50340} - C:\Program Files\OpenOffice.org 3\program\swriter.exe (?) HKCU_ElevationPolicy\{3CBA37DC-FCEF-4E80-9AFD-E2A72AD6A122} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{3F3C0034-D458-4D43-876A-9E786AA04D64} - C:\Program Files\OpenOffice.org 3\program\swriter.exe (?) HKCU_ElevationPolicy\{458304EA-A6D5-4D24-B802-4CFF6A5EAE6A} - C:\Program Files\eMule\emule.exe (http://www.emule-project.net) HKCU_ElevationPolicy\{489DE2B0-D2AA-4A48-AED1-8E47366173A1} - C:\Program Files\OpenOffice.org 3\program\swriter.exe (?) HKCU_ElevationPolicy\{4AE5D2E3-F00F-4F09-AF8F-30F4B899F9EF} - C:\Program Files\OpenOffice.org 3\program\swriter.exe (?) HKCU_ElevationPolicy\{4CAC2CF8-EF50-4CE3-8AB7-F14C7096867C} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{52886350-4945-43BC-89CB-3B9F018387B2} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{55DC376F-641C-47CD-BA88-1248793E4F65} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{59DA0F5D-F487-4F20-9673-E36C71F8F1D5} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{59E6CF25-1425-4812-A8CF-98ACFC0B00F0} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{5D8F53E4-2789-4FCB-85D5-F6250A5B2BB1} - C:\Program Files\OpenOffice.org 3\program\swriter.exe (?) HKCU_ElevationPolicy\{66BED7BB-0DB6-4A52-BDD8-F0F85E201A50} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{6864A69F-9D68-44D9-BD73-66BFBBA20D68} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{6874B5D6-3ACF-46A4-A355-7972124074BB} - C:\Program Files\OpenOffice.org 3\program\swriter.exe (?) HKCU_ElevationPolicy\{6AEF31C4-A721-4A6B-A3BA-6D0EBBA29E8A} - C:\Program Files\OpenOffice.org 3\program\swriter.exe (?) HKCU_ElevationPolicy\{7C1597CD-4E60-448A-B67E-BEC98984CE31} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{7C4DA27B-F2CE-410D-AD9F-2819F4BB73AF} - C:\Program Files\OpenOffice.org 3\program\swriter.exe (?) HKCU_ElevationPolicy\{837C7048-9849-4DDF-B0EB-DDC8EE5E335F} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{86735EBA-EA0A-482E-8167-7A11F2913D22} - C:\Program Files\WinRAR\WinRAR.exe (?) HKCU_ElevationPolicy\{88617685-8C93-4F10-B1B6-DCC4983B0EE4} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{8B73C050-EE7E-4C4E-8877-E811DF500556} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{8F93C413-EA15-49C1-8609-918AB36B0C92} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{9361838B-B7F8-4BDA-A722-21C77BB29CA9} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{99FA546B-7802-403B-945D-A136596FA3DF} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{A76F6350-610B-401B-8A9D-173D56ACC03C} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{A9151431-626A-419F-9F2A-5419866EC81A} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{AEF9C57B-F1F3-404E-A539-503222CD9D80} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{B4256A73-837C-4195-BD10-0ADEE51BEFF6} - C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe (x) HKCU_ElevationPolicy\{BB78A81B-213A-42DF-8DB8-0AAB25B68DB8} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{BEE0372A-02CE-43B8-BC7C-DA3D0F6E362E} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{C2DB31E4-4EE9-4E76-9817-E38E27D8548F} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{C3C885B9-3827-4607-8BFF-27B0427ACDCA} - C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe (x) HKCU_ElevationPolicy\{C5F29528-1794-494E-B125-0C3DE770B21A} - C:\Program Files\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe (x) HKCU_ElevationPolicy\{CEF77854-9728-4B55-AEF2-194DFFDBC984} - C:\Program Files\OpenOffice.org 3\program\swriter.exe (?) HKCU_ElevationPolicy\{CFA49A32-F1BA-4152-ADCC-F0180D8FEAC7} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{DCB35A1E-665A-42CA-BDCF-7D18FE7643EE} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{E47B5660-99EF-4999-8FB5-E2D57CA6D3DC} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{E7BB8672-6DC5-426E-93A7-C8DDE89EF716} - C:\Program Files\OpenOffice.org 3\program\swriter.exe (?) HKCU_ElevationPolicy\{F5D29E50-5A2B-4330-A6EB-46FA0B1EA24E} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKCU_ElevationPolicy\{FDD4FA69-8F2C-4446-84FC-026FFE8A77D8} - C:\Program Files\OpenOffice.org 3\program\simpress.exe (?) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x) HKLM_ElevationPolicy\{a00068b1-1e4e-41c7-afa9-baeb9697e2b9} - C:\Program Files\Common Files\Research In Motion\AppLoader\Loader.exe (Research In Motion Limited) HKLM_ElevationPolicy\{E5A16ED5-1288-4bc3-8F60-48E32854CEF6} - C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited) BHO\{01677B4B-0610-4814-94A0-5F570DD7A88F} - "Google Plus" (C:\PROGRA~1\GOOGLE~1\23GOOG~1.DLL) BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll) BHO\{78FF2F80-613A-47d7-8871-912B1236F704} - "GAddons - Find what you need faster!" (C:\PROGRA~1\EASYSE~1\BHO\7SUPER~1.DLL) (x) BHO\{e94c76fd-747e-069f-4417-812aa7c288dd} - "qualityads" (C:\Windows\system32\eef9361d.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 1940 Fichier(s) C:\Program Files\Ad-Remover\Backup: 18 Fichier(s) C:\Ad-Report-CLEAN[1].txt - 15/03/2011 17:12:41 (24623 Octet(s)) Fin à: 17:14:20, 15/03/2011 ============== E.O.F ==============

Veuillez m'excuser mais mon sujet a été édité deux fois. Je ne sais pas si je peux supprimer un des deux moi-même donc si quelqu'un du site pouvait en supprimer un pour ne pas surcharger s'il vous plait. Merci

Bonjour à tous Je me permets de venir demander de l'aide sur ce forum pour mon ordinateur. Parfois les pages de navigation internet sont détournées et l'adresse reste la bonne mais l'onglet indique adds by qualityadds. Je vous poste le log Hijackthis. Je vous serais très reconnaissante de bien vouloir m'aider à solutionner ce problème. Merci d'avance. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:50:19, on 15/03/2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19019) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\ASUS\GamerOSD\GamerOSD.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\conime.exe C:\Windows\system32\taskeng.exe C:\Program Files\eMule\emule.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe E:\Documents and Settings\Gaëlle\Mes documents\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = uStart.org - YOU Start! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = uStart.org - YOU Start! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Google Plus - {01677B4B-0610-4814-94A0-5F570DD7A88F} - C:\PROGRA~1\GOOGLE~1\23GOOG~1.DLL O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: seekgadget enhanced search - {476A6578-5D4D-8C6F-C683-2702AAF069A6} - C:\Windows\System32\qsqxbyicnozigk.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL O2 - BHO: GAddons - Find what you need faster! - {78FF2F80-613A-47d7-8871-912B1236F704} - C:\PROGRA~1\EASYSE~1\BHO\7SUPER~1.DLL O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: qualityads - {e94c76fd-747e-069f-4417-812aa7c288dd} - C:\Windows\system32\eef9361d.dll O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Fun4IM\Plugins\IE\ieplugin.dll O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min /ns O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [EADM] "C:\Program Files\Electronic Arts\EADM\EADMUI\EADMUI.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O13 - Gopher Prefix: O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} (FTMediaPlayer Class) - http://webtv.guidetv.orange.fr/resources/OCS_9418.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FA614B45-ED41-428D-8EC4-183B3896AAD1}: NameServer = 192.168.1.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll c:\progra~1\fun4im\bndhook.dll O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe O23 - Service: Fun4IM Coordinator - Bandoo Media Inc. - C:\PROGRA~1\Fun4IM\Bandoo.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 9554 bytes

Bonjour à tous Je me permets de venir demander de l'aide sur ce forum pour mon ordinateur. Parfois les pages de navigation internet sont détournées et l'adresse reste la bonne mais l'onglet indique adds by qualityadds. Je vous poste le log Hijackthis. Je vous serais très reconnaissante de bien vouloir m'aider à solutionner ce problème. Merci d'avance. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:50:19, on 15/03/2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19019) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\ASUS\GamerOSD\GamerOSD.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\conime.exe C:\Windows\system32\taskeng.exe C:\Program Files\eMule\emule.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe E:\Documents and Settings\Gaëlle\Mes documents\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = uStart.org - YOU Start! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = uStart.org - YOU Start! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Google Plus - {01677B4B-0610-4814-94A0-5F570DD7A88F} - C:\PROGRA~1\GOOGLE~1\23GOOG~1.DLL O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: seekgadget enhanced search - {476A6578-5D4D-8C6F-C683-2702AAF069A6} - C:\Windows\System32\qsqxbyicnozigk.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL O2 - BHO: GAddons - Find what you need faster! - {78FF2F80-613A-47d7-8871-912B1236F704} - C:\PROGRA~1\EASYSE~1\BHO\7SUPER~1.DLL O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: qualityads - {e94c76fd-747e-069f-4417-812aa7c288dd} - C:\Windows\system32\eef9361d.dll O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Fun4IM\Plugins\IE\ieplugin.dll O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min /ns O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [EADM] "C:\Program Files\Electronic Arts\EADM\EADMUI\EADMUI.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O13 - Gopher Prefix: O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} (FTMediaPlayer Class) - http://webtv.guidetv.orange.fr/resources/OCS_9418.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FA614B45-ED41-428D-8EC4-183B3896AAD1}: NameServer = 192.168.1.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll c:\progra~1\fun4im\bndhook.dll O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe O23 - Service: Fun4IM Coordinator - Bandoo Media Inc. - C:\PROGRA~1\Fun4IM\Bandoo.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 9554 bytes

D'accord, je te remercie pour tes explications claires et simples à comprendre. Et encore merci de m'avoir aidée à dépanner mon ordi. Je t'embrasse en espérant ne plus avoir besoin de toi avant longtemps !! Encore une petite chose, je vois sur mon message que l'heure est 8h40 alors que je viens de le poster à l'instant à 9h40. Que se passe-t-il ?

J'ai fait tout ce que tu m'as dit. Puis-je poser quelques questions, s'il te plait ? La première : Pourquoi Norton a mis des fichiers en quarantaine sans m'en informer ? La deuxième : Pourquoi me faire désactiver la restauration du système ? Merci énormément pour ton aide mais peut-être n'avons nous pas fini ? Pour l'instant tout est rentré dans l'ordre mais peut-être reste-t-il certaines choses à faire. PS : Est-ce judicieux de garder norton comme antivirus et pare-feu ?

Ne sois pas si impatient, les gens qui nous aident à dépanner n'ont pas que toi à s'occuper. Ils ne sont pas dispo 24h sur 24, 7 jours sur 7. Laisse leur le temps d'analyser ton log et tu verras que ton problème se résoudra. Mais sûrement pas en 1 heure. Alors sois donc patient et reste respectueux et poli. Bon courage pour la suite

Comme convenu, voici le rapport du scan. ------------------------------------------------------------------------------ KASPERSKY ONLINE SCANNER REPORT Thursday, May 22, 2008 6:06:33 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 22/05/2008 Kaspersky Anti-Virus database records: 794702 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ E:\ F:\ Q:\ R:\ X:\ Y:\ Z:\ Scan Statistics: Total number of scanned objects: 119612 Number of viruses found: 8 Number of infected objects: 18 Number of suspicious objects: 0 Duration of the scan process: 02:56:25 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77BF2D67.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped C:\Documents and Settings\Gaëlle\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Gaëlle\Local Settings\Application Data\Adobe\Acrobat\8.0\Updater\updater.log Object is locked skipped C:\Documents and Settings\Gaëlle\Local Settings\Application Data\Adobe\Updater5\aumLib.log Object is locked skipped C:\Documents and Settings\Gaëlle\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Gaëlle\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Gaëlle\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Gaëlle\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Gaëlle\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Gaëlle\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Gaëlle\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Fichiers communs\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped C:\Program Files\Fichiers communs\Symantec Shared\SNDALRT.log Object is locked skipped C:\Program Files\Fichiers communs\Symantec Shared\SNDCON.log Object is locked skipped C:\Program Files\Fichiers communs\Symantec Shared\SNDDBG.log Object is locked skipped C:\Program Files\Fichiers communs\Symantec Shared\SNDFW.log Object is locked skipped C:\Program Files\Fichiers communs\Symantec Shared\SNDIDS.log Object is locked skipped C:\Program Files\Fichiers communs\Symantec Shared\SNDSYS.log Object is locked skipped C:\Program Files\Fichiers communs\Symantec Shared\SPPolicy.log Object is locked skipped C:\Program Files\Fichiers communs\Symantec Shared\SPStart.log Object is locked skipped C:\Program Files\Fichiers communs\Symantec Shared\SPStop.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\030266D1 Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\066D0E80.exe Infected: Trojan.Win32.Pakes.bzo skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0BD45F1F.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D472436 Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\22AC23B3 Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2CE14BD5.com Infected: EICAR-Test-File skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3CAE14CC.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\58966BCB Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\74B80969 Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped C:\RECYCLER\NPROTECT\00000523.SYS Infected: Trojan-Dropper.Win32.Agent.rek skipped C:\RECYCLER\NPROTECT\00001958.VIR Infected: Trojan-Dropper.Win32.Agent.rek skipped C:\RECYCLER\NPROTECT\00001959.VIR Infected: Trojan-Dropper.Win32.Agent.rek skipped C:\RECYCLER\NPROTECT\00001960.VIR Infected: Trojan-Dropper.Win32.Agent.rek skipped C:\RECYCLER\NPROTECT\00001962.VIR Infected: Trojan-Dropper.Win32.Agent.rek skipped C:\RECYCLER\NPROTECT\00001963.VIR Infected: Trojan-Dropper.Win32.Agent.rek skipped C:\RECYCLER\NPROTECT\00001964.VIR Infected: Trojan-Downloader.Win32.Mutant.yq skipped C:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP423\A0122001.sys Infected: Trojan.Win32.Agent.mwo skipped C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP423\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\ModemLog_Aztech CNR V.92 Modem.txt Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\DEFAULT Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SYSTEM Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\TEMP\T30DebugLogFile.txt Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped F:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP423\change.log Object is locked skipped Scan process completed.