Antivirus blocked and Windows Update
Closed
papypolo
16 Jan 2009 at 17:42
58 replies
Anonymous user
19 Jan 2009 at 19:20
Re,
FindyKill by Chiquitine29
▶ Right-click on the link and choose "Save target as...", destination: the desktop.
▶ (Important note: if you have the Elibagla program on your PC, remove it (risk of conflict between the two tools).)
▶ Let yourself be guided through the installation.
▶ Double-click "FindyKill" to launch the tool.
▶ Choose the language: F for French
▶ Choose option 1, then let it work...
▶ Once finished, post the FindyKill.txt report that is generated...
(Note: the report is saved at the root of the disk -> C:\FindyKill.txt)
The security risks of peer-to-peer
If a report won't post, raise an alert to the moderators (conciergerie) with the yellow /!\.
Anonymous user
19 Jan 2009 at 19:34
Re,
No, you are still infected; some keys remain.
The fix was updated the day before yesterday.
Please run it.
Anonymous user
19 Jan 2009 at 19:38
Hi V-X,
The fix was updated the day before yesterday
and today
FindyKill V4.714
http://www.commentcamarche.net/forum/affich 10584058 bagle et plus d anti virus
Good luck with the rest; check whether winupgro is present in system32
++
Anonymous user
19 Jan 2009 at 19:46
Re,
@Chiqui:
OK.
@papypolo.
Download toolscleaner to your Desktop:
toolscleaner
* Double-click ToolsCleaner2.exe and let it work
* Click "Recherche" (Search) and let the scan finish.
* Click "Suppression" (Removal) to finalize.
* You can, if you wish, use the optional Options.
* Click "Quitter" (Quit) so that the report can be created.
* The report (TCleaner.txt) is at the root of your hard disk (C:\)... paste it into your reply
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
FindyKill by Chiquitine29
▶ Right-click on the link and choose "Save target as...", destination: the desktop.
▶ (Important note: if you have the Elibagla program on your PC, remove it (risk of conflict between the two tools).)
▶ Let yourself be guided through the installation.
▶ Double-click "FindyKill" to launch the tool.
▶ Choose the language: F for French
▶ Choose option 1, then let it work...
▶ Once finished, post the FindyKill.txt report that is generated...
(Note: the report is saved at the root of the disk -> C:\FindyKill.txt)
The security risks of peer-to-peer
If a report won't post, raise an alert to the moderators (conciergerie) with the yellow /!\.
Anonymous user
16 Jan 2009 at 17:43
Hi,
you must have cracked something.
FindyKill by Chiquitine29
▶ Right-click on the link and choose "Save target as...", destination: the desktop.
▶ (Important note: if you have the Elibagla program on your PC, remove it (risk of conflict between the two tools).)
▶ Let yourself be guided through the installation.
▶ Double-click "FindyKill" to launch the tool.
▶ Choose the language: F for French
▶ Choose option 1, then let it work...
▶ Once finished, post the FindyKill.txt report that is generated...
(Note: the report is saved at the root of the disk -> C:\FindyKill.txt)
The security risks of peer-to-peer
If a report won't post, raise an alert to the moderators (conciergerie) with the yellow /!\.
papypolo
16 Jan 2009 at 17:55
----------------- FindyKill V4.712 ------------------
* User : Jean Paul - ACER
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 14/01/09 par Chiquitine29
* Recherche effectuée à 17:49:54 le 16/01/2009
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Astase\UltraBackup\4.9\bin\thpassiveclientsvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\MediaLife\MediaLifeService.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
D:\Program Files\3.2\Apps\apdproxy.exe
D:\Program Files\Astase\UltraBackup\4.9\bin\thtrayagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Astase\UltraBackup\4.9\bin\tbs.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
D:\PROGRA~2\MICROS~1\rapimgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Jean Paul\Application Data\drivers\winupgro.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Internet Explorer\iexplore.exe
--------------- [ Processus infectieux stoppés ] ----------------
"C:\Documents and Settings\Jean Paul\Application Data\drivers\winupgro.exe" (2496)
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\prefetch\130203.EXE-23F76B78.pf
Found ! - C:\WINDOWS\prefetch\14751640.EXE-280FC5E6.pf
Found ! - C:\WINDOWS\prefetch\14801812.EXE-0E0B75E1.pf
Found ! - C:\WINDOWS\prefetch\14809750.EXE-33371CC2.pf
Found ! - C:\WINDOWS\prefetch\14857531.EXE-0C5600F0.pf
Found ! - C:\WINDOWS\prefetch\14900484.EXE-0ADE99F3.pf
Found ! - C:\WINDOWS\prefetch\14910281.EXE-38D96029.pf
Found ! - C:\WINDOWS\prefetch\15029406.EXE-13C906BB.pf
Found ! - C:\WINDOWS\prefetch\15055390.EXE-214775E3.pf
Found ! - C:\WINDOWS\prefetch\186890.EXE-2BBE5F4A.pf
Found ! - C:\WINDOWS\prefetch\193156.EXE-3AC59381.pf
Found ! - C:\WINDOWS\prefetch\207968.EXE-0A79DB50.pf
Found ! - C:\WINDOWS\prefetch\236171.EXE-2A7B3B25.pf
Found ! - C:\WINDOWS\prefetch\250828.EXE-02F1D6D9.pf
Found ! - C:\WINDOWS\prefetch\29571343.EXE-236246E1.pf
Found ! - C:\WINDOWS\prefetch\29664046.EXE-3B96B0EC.pf
Found ! - C:\WINDOWS\prefetch\324812.EXE-1D1D1DDC.pf
Found ! - C:\WINDOWS\prefetch\430734.EXE-1A815365.pf
Found ! - C:\WINDOWS\prefetch\44110781.EXE-0659F9D1.pf
Found ! - C:\WINDOWS\prefetch\44153796.EXE-17E88BE6.pf
Found ! - C:\WINDOWS\prefetch\44267187.EXE-2465EA26.pf
Found ! - C:\WINDOWS\prefetch\44299640.EXE-17E47E0C.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-00D2F877.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-0EF461CE.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-377E42D4.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-02D2AA6C.pf
Found ! - C:\WINDOWS\Prefetch\INSTALL_PATCH.EXE-1F0515D9.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
Found ! [16/01/2009 17:22] - C:\WINDOWS\system32\mdelk.exe
Found ! [16/01/2009 17:22] - C:\WINDOWS\system32\wintems.exe
Found ! [16/01/2009 17:23] - C:\WINDOWS\system32\ban_list.txt
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\Jean Paul\Application Data
Found ! [16/01/2009 17:19] - "C:\Documents and Settings\Jean Paul\Application Data\m\flec006.exe"
Found ! [16/01/2009 17:20] - "C:\Documents and Settings\Jean Paul\Application Data\m\list.oct"
Found ! [16/01/2009 17:20] - "C:\Documents and Settings\Jean Paul\Application Data\m\data.oct"
Found ! [16/01/2009 17:20] - "C:\Documents and Settings\Jean Paul\Application Data\m\srvlist.oct"
Found ! [16/01/2009 17:22] - "C:\Documents and Settings\Jean Paul\Application Data\m\shared"
Found ! [12/01/2009 08:21] - "C:\Documents and Settings\Jean Paul\Application Data\m"
Found ! [12/01/2009 08:19] - "C:\Documents and Settings\Jean Paul\Application Data\drivers"
Found ! [16/01/2009 17:18] - "C:\Documents and Settings\Jean Paul\Application Data\drivers\srosa.sys"
Found ! [16/01/2009 17:18] - "C:\Documents and Settings\Jean Paul\Application Data\drivers\srosa2.sys"
Found ! [06/06/2005 05:09] - "C:\Documents and Settings\Jean Paul\Application Data\drivers\winupgro.exe"
Found ! [16/01/2009 17:23] - "C:\Documents and Settings\Jean Paul\Application Data\drivers\downld"
»»»» Presence des fichiers dans C:\DOCUME~1\JEANPA~1\LOCALS~1\Temp
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
H/PC Connection Agent="D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
EPSON Stylus DX4400 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S104.tmp" /EF "HKCU"
vmnem="c:\documents and settings\jean paul\local settings\application data\vmnem.exe" vmnem
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
UVS10 Preload=d:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
ntiMUI=c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
MediaLifeService="D:\Program Files\MediaLife\MediaLifeService.exe"
LaunchApp=Alaunch
IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
IMEKRMIG6.1=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
eRecoveryService=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
ehTray=C:\WINDOWS\ehome\ehtray.exe
Creative WebCam Tray=C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
Acer Empowering Technology Monitor=C:\WINDOWS\system32\SysMonitor.exe
eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
AppleSyncNotifier=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
Adobe Photo Downloader="D:\Program Files\3.2\Apps\apdproxy.exe"
EoEngine=
_BackupService="D:\Program Files\Astase\UltraBackup\4.9\bin\tbs.exe" -start
thnotify="D:\Program Files\Astase\UltraBackup\4.9\bin\thtrayagent.exe" /start
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper="D:\Program Files\iTunes\iTunesHelper.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
RTHDCPL=RTHDCPL.EXE
Alcmtr=ALCMTR.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\software\local appwizard-generated applications\install_patch]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Kodak EasyShare]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Launch Tool]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\MMDiag]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\msmsgs]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\NTI WaveEditor]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Registrar]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\SmaPanel]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\TestProg]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\vscap]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\Local AppWizard-Generated Applications\install_patch
Found ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_patch
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
/!\ Mode sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
/!\ Mode sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
/!\ Mode sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
EapHost - Type de démarrage = 3
/!\ Ip6Fw - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
J: - Lecteur fixe
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------
Anonymous user
16 Jan 2009 at 17:57
Re,
FindyKill by Chiquitine29, option 2:
▶ Plug your removable drives into your PC (USB keys, external hard drive, etc.) without opening them
▶ Double-click the FindyKill shortcut on your desktop
▶ At the main menu, choose option 2 (Suppression)
/!\ There will be 2 restarts; let the tool work until the message "nettoyage effectué" appears /!\
▶ Then post the FindyKill.txt report
Note: the FindyKill.txt report is saved at the root of the disk.
If a report won't go through, send an alert to the Conciergerie using the yellow /!\.
papypolo
16 Jan 2009 at 18:24
----------------- FindyKill V4.712 ------------------
* User : Jean Paul - ACER
* executed from : C:\Program Files\FindyKill
* Update on 14/01/09 par Chiquitine29
* Start at 18:09:38 the 16/01/2009
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
»»»» Supression files in C:\WINDOWS\system32
Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt
»»»» Supression files in C:\WINDOWS\system32\drivers
»»»» Supression files in C:\Documents and Settings\Jean Paul\Application Data
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\m\srvlist.oct"
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\m"
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\drivers"
»»»» Supression files in C:\DOCUME~1\JEANPA~1\LOCALS~1\Temp
»»»» Supression files in C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\Local AppWizard-Generated Applications\install_patch
Deleted ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\MuleAppData
--------------- [ States / Restarting of services ] ----------------
+- Safe boot mode restored !
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
EapHost - Type of startup = 2
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
F: - Lecteur amovible
J: - Lecteur fixe
+- deleting files :
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Other Infections ] ----------------
Références de comparaison Bagle MD5 :
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\mdelk.exe
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\wintems.exe
ebe38e2fcd97bfaf184cd5386100b529 C:\Documents and Settings\Jean Paul\Application Data\drivers\winupgro.exe
Suspect ! - ebe38e2fcd97bfaf184cd5386100b529 C:\Program Files\Messenger\msmsgs.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032959.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032960.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032977.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032996.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0033010.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0033040.exe
--------------- [ Searching Cracks / Keygen ] ----------------
---------------- ! End of report ! ------------------
* User : Jean Paul - ACER
* executed from : C:\Program Files\FindyKill
* Update on 14/01/09 par Chiquitine29
* Start at 18:09:38 the 16/01/2009
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
»»»» Supression files in C:\WINDOWS\system32
Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt
»»»» Supression files in C:\WINDOWS\system32\drivers
»»»» Supression files in C:\Documents and Settings\Jean Paul\Application Data
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\m\srvlist.oct"
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\m"
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\drivers"
»»»» Supression files in C:\DOCUME~1\JEANPA~1\LOCALS~1\Temp
»»»» Supression files in C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\Local AppWizard-Generated Applications\install_patch
Deleted ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\MuleAppData
--------------- [ States / Restarting of services ] ----------------
+- Safe boot mode restored !
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
EapHost - Type of startup = 2
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
F: - Lecteur amovible
J: - Lecteur fixe
+- deleting files :
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Other Infections ] ----------------
Références de comparaison Bagle MD5 :
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\mdelk.exe
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\wintems.exe
ebe38e2fcd97bfaf184cd5386100b529 C:\Documents and Settings\Jean Paul\Application Data\drivers\winupgro.exe
Suspect ! - ebe38e2fcd97bfaf184cd5386100b529 C:\Program Files\Messenger\msmsgs.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032794.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032809.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032823.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032828.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032850.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032880.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032894.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032908.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032930.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032940.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032959.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032960.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032977.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032996.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0033010.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0033040.exe
--------------- [ Searching Cracks / Keygen ] ----------------
---------------- ! End of report ! ------------------
Anonymous user
16 Jan. 2009 at 18:25
Re,
▶ Download HijackThis
▶ Save the target as .... "the desktop"
▶ Double-click "HJTInstall.exe" to start the installation
▶ Click Install, then "I Accept"
▶ Click "Do a scan system and save log file"
▶ Notepad will open; copy and paste its entire contents here in your next reply
▶ HijackThis tutorial (thanks to Balltrap34)
If a report will not post, send an alert to the conciergerie using the yellow /!\.
papypolo
16 Jan. 2009 at 18:28
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:57, on 16/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Astase\UltraBackup\4.9\bin\thpassiveclientsvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.grapi.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoBho - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UVS10 Preload] d:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MediaLifeService] "D:\Program Files\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [_BackupService] "D:\Program Files\Astase\UltraBackup\4.9\bin\tbs.exe" -start
O4 - HKLM\..\Run: [thnotify] "D:\Program Files\Astase\UltraBackup\4.9\bin\thtrayagent.exe" /start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S104.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [vmnem] "c:\documents and settings\jean paul\local settings\application data\vmnem.exe" vmnem
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Jean Paul\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Jean Paul\Application Data\m\flec006.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: World Community Grid - BOINC Manager.lnk = D:\Program Files\BOINC\boincmgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE (User 'Default user')
O4 - .DEFAULT Startup: World Community Grid - BOINC Manager.lnk = D:\Program Files\BOINC\boincmgr.exe (User 'Default user')
O4 - Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE
O4 - Startup: World Community Grid - BOINC Manager.lnk = D:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm082YYFR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~2\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~2\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~2\MICROS~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} (TNSClickerb.Clicker) - http://www.consoclicker.com/TNSClickrb.CAB
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.fr/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O17 - HKLM\System\CCS\Services\Tcpip\..\{501AB30F-8BB2-4826-B129-177AA34C539A}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Astase ThalliumBackup Client Background Service (thpassivesvc) - Astase - D:\Program Files\Astase\UltraBackup\4.9\bin\thpassiveclientsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Anonymous user
16 Jan 2009 at 18:30
Re,
▶ Download and install MalwareByte's Anti-Malware
Malwarebyte
▶ Update it
▶ Double-click the MalwareByte's Anti-Malware shortcut on the desktop.
▶ Select "Perform full scan" if it is not already selected
▶ Click "Scan"
▶ Once the scan is finished, a window opens; click OK
▶ If MalwareByte's detected nothing, click OK. A report will appear; close it.
▶ If MalwareByte's detected infections, click "Show Results", then "Remove Selected"
▶ Save the report to your Desktop so it is easier to find, then post that report.
Note: If MalwareByte's needs to restart to finish the removal, accept by clicking OK
If a report will not post, send an alert to the moderators (conciergerie) using the yellow /!\ icon.
Tutorial for MalwareByte's
Anonymous user
16 Jan 2009 at 18:32
Re,
Also, if you use avast as your antivirus, I advise you to install this one:
▶ Install this antivirus:
ANTIVIR
▶ Double-click the Antivir icon (umbrella) in the taskbar.
▶ In Antivir, choose Tools, then Configuration.
▶ Tick "Expert mode" and tick "Rootkit search at start of scan" on the right under "Other settings".
Avast and Antivir: comparisons, and switching to Antivir.
▶ Update Antivir
papypolo
16 Jan 2009 at 18:43
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1659
Windows 5.1.2600 Service Pack 3
16/01/2009 18:39:48
mbam-log-2009-01-16 (18-39-48).txt
Type de recherche: Examen rapide
Eléments examinés: 63561
Temps écoulé: 3 minute(s), 4 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 22
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 11
Fichier(s) infecté(s): 12
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean Paul\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean Paul\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean Paul\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\Jean Paul\Local Settings\Application Data\vmnem_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean Paul\Local Settings\Application Data\vmnem_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean Paul\Local Settings\Application Data\vmnem.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean Paul\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean Paul\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean Paul\Application Data\RegistrySmart\Log\log_2007_04_12_08_52_29.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean Paul\Application Data\RegistrySmart\Log\log_2007_04_12_08_52_30.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean Paul\Application Data\RegistrySmart\Registry Backups\2007-04-12_08-54-39.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
Anonymous user
16 Jan 2009 at 18:45
Re,
Restart your PC normally and do the following:
▶ Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:
/!\ Disconnect and close all running applications /!\
● Double-click the installer and install it in its default location (C:\Program files).
● Double-click the Ad-remover icon on your desktop
● At the main menu, choose option "A"
● Post the report that appears at the end.
(the report is also saved as C:\Ad-report(date).log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
papypolo
16 Jan 2009 at 18:56
------- Logfile of AD-Remover 1.0.9.1 | ONLY XP/VISTA -------
Updated by C_XX on 14/01/2009 at 20:00
START AT: 18:54:21 | Ven 16/01/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
BOOT MODE: Normal
OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
PC: ACER | USER: Jean Paul ( Current user is an administrator)
DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
- F:\ (File System: FAT)
- J:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\system32\
--- RUNNING PROCESSES: 59
+--------------------| Boonty/Boonty Games Elements found :
.
.
+--------------------| Eorezo Elements found :
.
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKLM\SOFTWARE\Classes\AppID\EoRezoBHO.DLL
HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\EoEngine
.
C:\Documents and Settings\Jean Paul\Application Data\EoRezo
C:\Documents and Settings\Jean Paul\Application Data\EoRezo\cmhost.cyp
C:\Documents and Settings\Jean Paul\Application Data\EoRezo\ConfMedia.cyp
C:\Documents and Settings\Jean Paul\Application Data\EoRezo\db
C:\Documents and Settings\Jean Paul\Application Data\EoRezo\eoDesktop
C:\Documents and Settings\Jean Paul\Application Data\EoRezo\host.cyp
C:\Documents and Settings\Jean Paul\Application Data\EoRezo\user.cyp
C:\Documents and Settings\Jean Paul\Application Data\EoRezo\db\cat.cyp
C:\Documents and Settings\Jean Paul\Application Data\EoRezo\eoDesktop\config.xml
C:\Documents and Settings\Jean Paul\Application Data\EoRezo\eoDesktop\eoDesktop.html
C:\Documents and Settings\Jean Paul\Application Data\EoRezo\eoDesktop\userConfig.xml
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@ads.eorezo[1].txt
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@eorezo[1].txt
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@eorezo[2].txt
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache.eorezo[1].txt
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache.eorezo[2].txt
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache0.eorezo[1].txt
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache0.eorezo[2].txt
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache1.eorezo[1].txt
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache2.eorezo[1].txt
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache3.eorezo[2].txt
+--------------------| Everest Casino/Everest Poker Elements found :
.
.
+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
.
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search
.
C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.0.15-3.inf
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@mywebsearch[1].txt
+--------------------| It's TV Elements found :
.
+--------------------| Sweetim Elements found :
.
.
+--------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
..\b3toa7st.default\prefs.js :
~~~~ Mozilla FireFox version 2.0.0.1 ~~~~
* Browser Startup HomePage: "http://www.grapi.net/"
.
+---------------------------------------------------------------------------+
~~~~ Internet Explorer version 7.0.5730.13 ~~~~
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.grapi.net/
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157
+---------------------------------------------------------------------------+
[~4106 bytes] - "C:\AD-report-Scan-16.01.2009.log"
END AT: 18:55:24 | 16/01/2009 - Time elapsed: 63.3 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 81 lines ]
+---------------------------------------------------------------------------+
Anonymous user
16 Jan 2009 at 18:58
Re,
▶ /!\ Disconnect and close all running applications /!\
▶ Run "Ad-remover" again: at the main menu, choose option "B".
http://apu.mabul.org/up/apu/2008/11/19/img-221318q2g03.jpg
▶ Then tick:
Eorezo => Enter
MyWebSearch => Enter
▶ Then "S"
▶ The program will do its work ...
▶ Post the report that appears at the end, plus a new Hijackthis log for analysis ...
(the report is also saved as C:\Ad-report.log)
/!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm /!\
papypolo
16 Jan 2009 at 19:15
------- Logfile of AD-Remover 1.0.9.1 | ONLY XP/VISTA -------
Updated by C_XX on 14/01/2009 at 20:00
*** Limited to ***
Eorezo
Funwebproduct/MyWay/MyWebsearch
******************
START AT: 19:10:29 | Ven 16/01/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
BOOT MODE: Normal
OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
PC: ACER | USER: Jean Paul ( Current user is an administrator)
DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
- F:\ (File System: FAT)
- J:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\system32\
--- RUNNING PROCESSES: 56
(!) ---- IE start pages reset
+--------------------| Eorezo Elements Deleted :
.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\EoEngine
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKLM\SOFTWARE\Classes\AppID\EoRezoBHO.DLL
HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Documents and Settings\Jean Paul\Application Data\EoRezo
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@ads.eorezo[1].txt
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@eorezo[1].txt
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@eorezo[2].txt
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache.eorezo[1].txt
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache.eorezo[2].txt
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache0.eorezo[1].txt
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache0.eorezo[2].txt
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache1.eorezo[1].txt
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache2.eorezo[1].txt
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache3.eorezo[2].txt
+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search
.
C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.0.15-3.inf
C:\Documents and Settings\Jean Paul\Cookies\jean_paul@mywebsearch[1].txt
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+--------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
..\b3toa7st.default\prefs.js :
~~~~ Mozilla FireFox version 2.0.0.1 ~~~~
* Browser Startup HomePage: "http://www.grapi.net/"
.
+---------------------------------------------------------------------------+
~~~~ Internet Explorer version 7.0.5730.13 ~~~~
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
[~3314 bytes] - "C:\AD-report-Clean-16.01.2009.log"
[~4438 bytes] - "C:\AD-report-Scan-16.01.2009.log"
END AT: 19:11:43 | 16/01/2009 - Time elapsed: 74.0 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 67 lines ]
+---------------------------------------------------------------------------+
Anonymous user
16 Jan 2009 at 19:17
Re,
▶ Install NAVILOG1
Note about Navilog1 being detected by some security programs:
▶ Some files in Navilog1.exe may be considered dangerous and therefore deleted or neutralized by some security programs. These are false positives, and in some cases you will need to disable your protection while downloading/using Navilog1.
/!\ Disconnect from the internet and disable your resident antivirus and antispyware so that Navilog1 can run normally. /!\
The Navilog1 installation is started by running Navilog1.exe
(If you downloaded navilog1.zip, please unzip that file first)
Once the installation is finished, to launch the fix:
- using the shortcut created on the desktop: Navilog1
- via My Computer, by running the file Navilog1.bat located in %program files%Navilog1
After the language choice and the warning messages, the menu is displayed.
Choose option 1
It checks the system for the adware. A scan with GMER's catchme is also performed on Windows XP. This analysis can take about ten minutes. Wait until the message «Analyse terminée le ....» appears. Press a key as requested and Notepad will open. Save the report to your disk, then open it and copy and paste the whole report to the forum that asked you for it.
(if Notepad does not open: go to My Computer; at the root of the C drive you will find the report under the name fixnavi.txt)
Warning: do not run the disinfection part (options 2, 3 or 4) without the express opinion/agreement of the helper who has taken charge of you on the help forum where you posted your problem.
If a report does not go through, raise an alert with the concierge using the yellow /!\.
papypolo - Posts: 35 - Registered: Friday 8 February 2008 - Status: Member - Last activity: 8 April 2013
17 Jan 2009 at 10:47
Many thanks to V-X for the help.
After all these steps, yesterday evening I wanted to see whether my system was working again before doing the last step you gave me.
I started with a Windows update, which worked.
I reloaded Avira and ran a scan, which removed a few more trojans (I have the report).
I ran Spybot, OK, and malware, OK.
The situation seems to be back to normal. At the start of my problem the virus had removed my access to sound, it no longer recognized my speakers, and then I realized that Avira no longer worked, no Windows updates, and so on.....
Thanks again
Anonymous user
17 Jan 2009 at 15:40
Re,
It's not finished.
Run Navilog1 and post me the report.
Thanks