Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

kiwee toolbar

Morgana71

Par Morgana71
dans Analyses et éradication malwares

 Partager

Messages recommandés

Morgana71 Junior Member

Morgana71

Posté(e)
  • Auteur
Posté(e)

J'ai enfin réussi à charger OTM...voici le rapport demandé :

 

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== FILES ==========

C:\Program Files (x86)\AGI\common\agcutils.dll moved successfully.

C:\Program Files (x86)\AGI\tmp folder moved successfully.

C:\Program Files (x86)\AGI\Python25\Lib\xml\sax folder moved successfully.

C:\Program Files (x86)\AGI\Python25\Lib\xml\parsers folder moved successfully.

C:\Program Files (x86)\AGI\Python25\Lib\xml\etree folder moved successfully.

C:\Program Files (x86)\AGI\Python25\Lib\xml\dom folder moved successfully.

C:\Program Files (x86)\AGI\Python25\Lib\xml folder moved successfully.

C:\Program Files (x86)\AGI\Python25\Lib\logging folder moved successfully.

C:\Program Files (x86)\AGI\Python25\Lib\hotshot folder moved successfully.

C:\Program Files (x86)\AGI\Python25\Lib\encodings folder moved successfully.

C:\Program Files (x86)\AGI\Python25\Lib\email\mime folder moved successfully.

C:\Program Files (x86)\AGI\Python25\Lib\email folder moved successfully.

C:\Program Files (x86)\AGI\Python25\Lib\ctypes folder moved successfully.

C:\Program Files (x86)\AGI\Python25\Lib\compiler folder moved successfully.

C:\Program Files (x86)\AGI\Python25\Lib folder moved successfully.

C:\Program Files (x86)\AGI\Python25\DLLs folder moved successfully.

C:\Program Files (x86)\AGI\Python25 folder moved successfully.

C:\Program Files (x86)\AGI\common\win32comext\shell folder moved successfully.

C:\Program Files (x86)\AGI\common\win32comext\axcontrol folder moved successfully.

C:\Program Files (x86)\AGI\common\win32comext\authorization folder moved successfully.

C:\Program Files (x86)\AGI\common\win32comext\adsi folder moved successfully.

C:\Program Files (x86)\AGI\common\win32comext folder moved successfully.

C:\Program Files (x86)\AGI\common\win32com\server folder moved successfully.

C:\Program Files (x86)\AGI\common\win32com\client folder moved successfully.

C:\Program Files (x86)\AGI\common\win32com folder moved successfully.

C:\Program Files (x86)\AGI\common\win32\scripts folder moved successfully.

C:\Program Files (x86)\AGI\common\win32\lib folder moved successfully.

Folder move failed. C:\Program Files (x86)\AGI\common\win32 scheduled to be moved on reboot.

C:\Program Files (x86)\AGI\common\pyagcore\search\provider folder moved successfully.

C:\Program Files (x86)\AGI\common\pyagcore\search\algorithm folder moved successfully.

C:\Program Files (x86)\AGI\common\pyagcore\search folder moved successfully.

C:\Program Files (x86)\AGI\common\pyagcore\protection folder moved successfully.

C:\Program Files (x86)\AGI\common\pyagcore\process folder moved successfully.

C:\Program Files (x86)\AGI\common\pyagcore\lilw folder moved successfully.

C:\Program Files (x86)\AGI\common\pyagcore\install\installers folder moved successfully.

C:\Program Files (x86)\AGI\common\pyagcore\install\dependency folder moved successfully.

C:\Program Files (x86)\AGI\common\pyagcore\install folder moved successfully.

C:\Program Files (x86)\AGI\common\pyagcore\config folder moved successfully.

C:\Program Files (x86)\AGI\common\pyagcore folder moved successfully.

C:\Program Files (x86)\AGI\common\dateutil\zoneinfo folder moved successfully.

C:\Program Files (x86)\AGI\common\dateutil folder moved successfully.

C:\Program Files (x86)\AGI\common\comtypes\tools folder moved successfully.

C:\Program Files (x86)\AGI\common\comtypes\server folder moved successfully.

C:\Program Files (x86)\AGI\common\comtypes\gen folder moved successfully.

C:\Program Files (x86)\AGI\common\comtypes\client folder moved successfully.

C:\Program Files (x86)\AGI\common\comtypes folder moved successfully.

Folder move failed. C:\Program Files (x86)\AGI\common scheduled to be moved on reboot.

Folder move failed. C:\Program Files (x86)\AGI scheduled to be moved on reboot.

LoadLibrary failed for C:\Program Files (x86)\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll

C:\Program Files (x86)\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll moved successfully.

C:\Program Files (x86)\Kiwee Toolbar\2.8.167\firefox\META-INF folder moved successfully.

C:\Program Files (x86)\Kiwee Toolbar\2.8.167\firefox\defaults\preferences folder moved successfully.

C:\Program Files (x86)\Kiwee Toolbar\2.8.167\firefox\defaults folder moved successfully.

C:\Program Files (x86)\Kiwee Toolbar\2.8.167\firefox\components folder moved successfully.

C:\Program Files (x86)\Kiwee Toolbar\2.8.167\firefox\chrome folder moved successfully.

C:\Program Files (x86)\Kiwee Toolbar\2.8.167\firefox folder moved successfully.

C:\Program Files (x86)\Kiwee Toolbar\2.8.167 folder moved successfully.

C:\Program Files (x86)\Kiwee Toolbar folder moved successfully.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.

Registry key HKEY_CLASSES_ROOT\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Emilie

->Temp folder emptied: 15110306 bytes

->Temporary Internet Files folder emptied: 20054840 bytes

->Java cache emptied: 40348522 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

Windows Temp folder emptied: 5200457 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33176 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 885 bytes

 

Total Files Cleaned = 77,00 mb

 

 

OTM by OldTimer - Version 3.1.4.0 log created on 01062010_094007

 

Files moved on Reboot...

C:\Program Files (x86)\AGI\common\win32 folder moved successfully.

C:\Program Files (x86)\AGI\common folder moved successfully.

C:\Program Files (x86)\AGI folder moved successfully.

File C:\Users\Emilie\AppData\Local\Temp\~DF265E.tmp not found!

File C:\Users\Emilie\AppData\Local\Temp\~DF2667.tmp not found!

File C:\Users\Emilie\AppData\Local\Temp\~DF279E.tmp not found!

File C:\Users\Emilie\AppData\Local\Temp\~DF27AF.tmp not found!

File C:\Users\Emilie\AppData\Local\Temp\~DF27F4.tmp not found!

File C:\Users\Emilie\AppData\Local\Temp\~DF2805.tmp not found!

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LPZWHB84\EcranPrincipal[1].htm moved successfully.

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LPZWHB84\FonctionsPublicite[1].htm moved successfully.

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LPZWHB84\FonctionsPublicite[2].htm moved successfully.

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LPZWHB84\img[2].htm moved successfully.

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LPZWHB84\img[3].htm moved successfully.

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LPZWHB84\redirectiframe[1].html moved successfully.

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BT2AAFI3\ban_728x90[1].htm moved successfully.

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BT2AAFI3\img[4].htm moved successfully.

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BT2AAFI3\rectangle_300x250[1].htm moved successfully.

File C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BT2AAFI3\reload[1].gif not found!

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9HMGK3ZM\ads[3].htm moved successfully.

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9HMGK3ZM\hp[1].htm moved successfully.

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9HMGK3ZM\img[2].htm moved successfully.

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\68FBEJII\ads[2].htm moved successfully.

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\68FBEJII\AP_ADV_728x90[1].htm moved successfully.

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\68FBEJII\home[1].htm moved successfully.

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\68FBEJII\iframe[1].htm moved successfully.

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\68FBEJII\kiwee-toolbar-t172184[1].htm moved successfully.

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\68FBEJII\kiwee-toolbar-t172184[2].htm moved successfully.

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\68FBEJII\logout[1].gif moved successfully.

File C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\68FBEJII\mailbox[1].htm not found!

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\68FBEJII\povh[1].htm moved successfully.

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

C:\Users\Emilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

 

Registry entries deleted on Reboot...

Apollo Devil Member !

Apollo

Posté(e)
Posté(e)

Bonjour,

 

Qu'est- ce que ça a donné concrètement?

 

Poste un nouveau log Hijackthis stp.

 

Bonne journée. :P

Morgana71 Junior Member

Morgana71

Posté(e)
  • Auteur
Posté(e)

Voili voilou...aussitôt dit aussitôt fait :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:55:46, on 06/01/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18865)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\WinZip\WZQKPICK.EXE

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.30729; .NET CLR 3.5.30729)" -"http://www.gamevial.com/bbgames/teamtanks.html"

O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O13 - Gopher Prefix:

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {4DD20514-9520-40A7-9CD6-66883643A20B} (UviLaunch Control) - http://www.boaki.com/download/uviLaunch.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfi...fig_3_5_3_0.cab

O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files (x86)\AGI\common\win32\PythonService.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\ma-config.com\maconfservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 9287 bytes

Apollo Devil Member !

Apollo

Posté(e)
Posté(e)

Le rapport est bon; est-ce que tu es débarrassée de cette saleté?

 

Relance Hijackthis avec Do a system scan only et coche les cases devant les lignes suivantes: SOUS VISTA: Clic droit sur Hijackthis/exécuter en temps qu'administrateur!

 

R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab <http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab>

 

Ferme toutes les applications ouvertes et les navigateurs et clique sur Fix Checked

 

@++

Morgana71 Junior Member

Morgana71

Posté(e)
  • Auteur
Posté(e)

Voilà qui est fait...j'ai aussi relancé un scan avec login :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:59:40, on 06/01/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18865)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\WinZip\WZQKPICK.EXE

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.30729; .NET CLR 3.5.30729)" -"http://www.gamevial.com/bbgames/teamtanks.html"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O13 - Gopher Prefix:

O16 - DPF: {4DD20514-9520-40A7-9CD6-66883643A20B} (UviLaunch Control) - http://www.boaki.com/download/uviLaunch.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfi...fig_3_5_3_0.cab

O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files (x86)\AGI\common\win32\PythonService.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\ma-config.com\maconfservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 9111 bytes

 

 

Et la barre est toujours là !

Apollo Devil Member !

Apollo

Posté(e)
Posté(e)

Snif, je n'ai plus grand-chose à suggérer.

 

Quelle version exacte de Windows as-tu? (basique, familiale? ??)

 

Il y a bien Windows Install Clean Up mais cela ne convient pas à toutes les versions.

 

Voir ici les produits auxquels cet utilitaire peut servir:

 

Microsoft Windows XP Édition familiale

Microsoft Windows XP Professional

Windows Vista Service Pack 1

Windows Vista Édition Intégrale

Windows Vista Édition Intégrale 64 bits

Windows Vista Entreprise

Windows Vista Entreprise 64 bits

Windows Vista Professionnel

Windows Vista Professionnel 64 bits

Windows Vista Édition Familiale Premium

Windows Vista Édition Familiale Premium 64 bits

Windows Vista Édition Familiale Basique

Windows Vista Édition Familiale Basique N 64-bit Edition

 

http://support.microsoft.com/kb/970744/fr#Solution3

 

Lis bien les instructions, c'est important! Si cette maudite Kiwee Toolbar se trouvait dans la liste de l'outil, cela arrangerait bien nos bidons... :P

 

@+tard :P

Morgana71 Junior Member

Morgana71

Posté(e)
  • Auteur
Posté(e) (modifié)

j'ai une édition familiale premium...j'essaie....et bein même dans windows installer clean up...je trouve pas cette satanée barre...

Modifié par Morgana71
Apollo Devil Member !

Apollo

Posté(e)
Posté(e)

J'ai trouvé ça sur un forum et franchement, je ne sais pas ce que ça vaut, mais pouquoi pas essayer?

 

Pour désinstaller Kiwee, il faut le télécharger sur leur site, lancer l'installation et si kiwee est déjà installé on a l'option permettant de le désinstaller qui s'affiche dans la fenêtre de l'installeur. On doit pouvoir télécharger Kiwee à cette adresse:

http://www.kiwee.com/platform/tb/install/d...d?c=GNKIW29­193

 

NB: voici une vidéo qui semble confirmer cette façon de faire:

 

Good luck :P

Morgana71 Junior Member

Morgana71

Posté(e)
  • Auteur
Posté(e)

J'ai réussi à désinstaller kiwee toolbar en le réinstallant et dans ajout suppression programmes mais j'ai toujours le moteur de recherche kiwee et bing alors que google est mon moteur de recherche par défaut

Apollo Devil Member !

Apollo

Posté(e)
Posté(e)

C'est déjà pas mal d'avoir pu virer cette m****.

 

Méfie-toi comme de la peste de toutes les toolbars à l'avenir >> http://forum.malekal.com/les-toolbars-est-...oire-t6173.html

 

Evite aussi le site EoRezo, les bidules Messenger Skinner et tous ces trucs en apparence sympathiques pour le messenger. Refuse toujours les "sponsors" comme celui de Messenger Plus! qui en fait est l'adware Lop, encore une sale bestiole, surtout sur un système tel que le tien.

 

Bing, ce n'est rien, c'est un moteur de Microsoft.

 

Mais ta page d'accueil est-elle détournée par Kiwee? Ou as-tu directement accès à Google?

 

Peux-tu me faire une capture d'écran des moteurs de recherche présents dans Explorer stp? (Comme celle que je t'ai montrée plus haut).

 

Tu héberges l'image ici: http://mabul.org/ et tu copies/colles le lien prévu pour les forums. (bbcodes)

 

img-163551l7al8.jpg

 

@++

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...