Blocage antivirus et mise a jour windows

papypolo Messages postés 38 Statut Membre -  
papypolo Messages postés 38 Statut Membre -
Bonjour,
Depuis ce matin mon antivirus antivir n'est plus actif en le lancant j'ai le message suivant " antivir .exe n'est pas une application win 32"
en changeant d'antivirus j'ai eu le problème ( avast spybot)
d'autre part j'obtiens ce même type de message en voulant faire la mise a jour de windows.
Je suis sous XP sp3.
merci de votre aide.
Configuration: Windows XP
Internet Explorer 7.0

58 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Problème central : l'antivirus Antivir ne se lance plus sous Windows XP SP3 et affiche le message 'antivir.exe n'est pas une application Win32', tandis que des symptômes similaires apparaissent lors des mises à jour Windows. Des solutions proposées consistent à éliminer les conflits entre outils et à diagnostiquer l'infection, notamment en enregistrant FindyKill sur le bureau et en supprimant Elibagla pour éviter des conflits lors des mises à jour Windows. En cas de persistance, ToolsCleaner est recommandé pour un nettoyage complémentaire et la génération de rapport TCleaner.txt à la racine du disque, avec une vigilance sur des clés résiduelles et composants susceptibles d'être persistants.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. V-X
     
    Re,

    FindyKill de Chiquitine29

    ▶ Fais un clique droit sur le lien et choisis ( "enregistrer la cible sous ...." )( , destination le bureau .

    ( Note importante : si tu as le prg Elibagla sur ton PC , supprimes le ( risque de conflit entre les deux outils ) .

    ▶ Laisse toi guider pour l'installer.

    ▶ Double clic sur " FindyKill." pour lancer l'outil .

    ▶ Choisis La langue:F pour français

    ▶ Choisis l'option 1 . Puis laisses travailler ...

    ▶ Une fois terminé, postes le rapport FindyKill.txt qui est généré ...

    ( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )

    Les-risques-securitaires-du-peer-to-peer

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    1
  2. V-X
     
    Re,

    Non tu es encore infecter ilreste des clés.

    Le fix a était mit a jour avant hier.

    Passe le stp.
    1
  3. Utilisateur anonyme
     
    Salut V-X,

    Le fix a était mit a jour avant hier

    et aujour d hui

    FindyKill V4.714

    http://www.commentcamarche.net/forum/affich 10584058 bagle et plus d anti virus

    bonne suite , regarde winupgro dans system32 si present

    ++
    1
  4. V-X
     
    Re,

    @Chiqui:

    OK.

    @papypolo.

    Télécharge toolscleaner sur ton Bureau :

    toolscleaner

    * Double-clique sur ToolsCleaner2.exe et laisse le travailler

    * Clique sur Recherche et laisse le scan se terminer.

    * Clique sur Suppression pour finaliser.

    * Tu peux, si tu le souhaites, te servir des Options facultatives.

    * Clique sur Quitter, pour que le rapport puisse se créer.

    * Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    FindyKill de Chiquitine29

    ▶ Fais un clique droit sur le lien et choisis ( "enregistrer la cible sous ...." )( , destination le bureau .

    ( Note importante : si tu as le prg Elibagla sur ton PC , supprimes le ( risque de conflit entre les deux outils ) .

    ▶ Laisse toi guider pour l'installer.

    ▶ Double clic sur " FindyKill." pour lancer l'outil .

    ▶ Choisis La langue:F pour français

    ▶ Choisis l'option 1 . Puis laisses travailler ...

    ▶ Une fois terminé, postes le rapport FindyKill.txt qui est généré ...

    ( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )

    Les-risques-securitaires-du-peer-to-peer

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    1
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. V-X
     
    Salut,

    tu as du cracker.

    FindyKill de Chiquitine29

    ▶ Fais un clique droit sur le lien et choisis ( "enregistrer la cible sous ...." )( , destination le bureau .

    ( Note importante : si tu as le prg Elibagla sur ton PC , supprimes le ( risque de conflit entre les deux outils ) .

    ▶ Laisse toi guider pour l'installer.

    ▶ Double clic sur " FindyKill." pour lancer l'outil .

    ▶ Choisis La langue:F pour français

    ▶ Choisis l'option 1 . Puis laisses travailler ...

    ▶ Une fois terminé, postes le rapport FindyKill.txt qui est généré ...

    ( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )

    Les-risques-securitaires-du-peer-to-peer

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
  7. papypolo Messages postés 38 Statut Membre
     
    ----------------- FindyKill V4.712 ------------------

    * User : Jean Paul - ACER
    * Emplacement : C:\Program Files\FindyKill
    * Outils Mis a jours le 14/01/09 par Chiquitine29
    * Recherche effectuée à 17:49:54 le 16/01/2009
    * Windows XP - Internet Explorer 7.0.5730.13

    ((((((((((((((((( *** Recherche *** ))))))))))))))))))

    --------------- [ Processus actifs ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Program Files\Astase\UltraBackup\4.9\bin\thpassiveclientsvc.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\MediaLife\MediaLifeService.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    D:\Program Files\3.2\Apps\apdproxy.exe
    D:\Program Files\Astase\UltraBackup\4.9\bin\thtrayagent.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Astase\UltraBackup\4.9\bin\tbs.exe
    D:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
    D:\PROGRA~2\MICROS~1\rapimgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Jean Paul\Application Data\drivers\winupgro.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    --------------- [ Processus infectieux stoppés ] ----------------

    "C:\Documents and Settings\Jean Paul\Application Data\drivers\winupgro.exe" (2496)

    --------------- [ Fichiers/Dossiers infectieux ] ----------------

    »»»» Presence des fichiers dans C:

    »»»» Presence des fichiers dans C:\WINDOWS

    »»»» Presence des fichiers dans C:\WINDOWS\Prefetch

    Found ! - C:\WINDOWS\prefetch\130203.EXE-23F76B78.pf
    Found ! - C:\WINDOWS\prefetch\14751640.EXE-280FC5E6.pf
    Found ! - C:\WINDOWS\prefetch\14801812.EXE-0E0B75E1.pf
    Found ! - C:\WINDOWS\prefetch\14809750.EXE-33371CC2.pf
    Found ! - C:\WINDOWS\prefetch\14857531.EXE-0C5600F0.pf
    Found ! - C:\WINDOWS\prefetch\14900484.EXE-0ADE99F3.pf
    Found ! - C:\WINDOWS\prefetch\14910281.EXE-38D96029.pf
    Found ! - C:\WINDOWS\prefetch\15029406.EXE-13C906BB.pf
    Found ! - C:\WINDOWS\prefetch\15055390.EXE-214775E3.pf
    Found ! - C:\WINDOWS\prefetch\186890.EXE-2BBE5F4A.pf
    Found ! - C:\WINDOWS\prefetch\193156.EXE-3AC59381.pf
    Found ! - C:\WINDOWS\prefetch\207968.EXE-0A79DB50.pf
    Found ! - C:\WINDOWS\prefetch\236171.EXE-2A7B3B25.pf
    Found ! - C:\WINDOWS\prefetch\250828.EXE-02F1D6D9.pf
    Found ! - C:\WINDOWS\prefetch\29571343.EXE-236246E1.pf
    Found ! - C:\WINDOWS\prefetch\29664046.EXE-3B96B0EC.pf
    Found ! - C:\WINDOWS\prefetch\324812.EXE-1D1D1DDC.pf
    Found ! - C:\WINDOWS\prefetch\430734.EXE-1A815365.pf
    Found ! - C:\WINDOWS\prefetch\44110781.EXE-0659F9D1.pf
    Found ! - C:\WINDOWS\prefetch\44153796.EXE-17E88BE6.pf
    Found ! - C:\WINDOWS\prefetch\44267187.EXE-2465EA26.pf
    Found ! - C:\WINDOWS\prefetch\44299640.EXE-17E47E0C.pf
    Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-00D2F877.pf
    Found ! - C:\WINDOWS\prefetch\MDELK.EXE-0EF461CE.pf
    Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-377E42D4.pf
    Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-02D2AA6C.pf
    Found ! - C:\WINDOWS\Prefetch\INSTALL_PATCH.EXE-1F0515D9.pf

    »»»» Presence des fichiers dans C:\WINDOWS\system32

    Found ! [16/01/2009 17:22] - C:\WINDOWS\system32\mdelk.exe
    Found ! [16/01/2009 17:22] - C:\WINDOWS\system32\wintems.exe
    Found ! [16/01/2009 17:23] - C:\WINDOWS\system32\ban_list.txt

    »»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

    »»»» Presence des fichiers dans C:\Documents and Settings\Jean Paul\Application Data

    Found ! [16/01/2009 17:19] - "C:\Documents and Settings\Jean Paul\Application Data\m\flec006.exe"
    Found ! [16/01/2009 17:20] - "C:\Documents and Settings\Jean Paul\Application Data\m\list.oct"
    Found ! [16/01/2009 17:20] - "C:\Documents and Settings\Jean Paul\Application Data\m\data.oct"
    Found ! [16/01/2009 17:20] - "C:\Documents and Settings\Jean Paul\Application Data\m\srvlist.oct"
    Found ! [16/01/2009 17:22] - "C:\Documents and Settings\Jean Paul\Application Data\m\shared"
    Found ! [12/01/2009 08:21] - "C:\Documents and Settings\Jean Paul\Application Data\m"
    Found ! [12/01/2009 08:19] - "C:\Documents and Settings\Jean Paul\Application Data\drivers"
    Found ! [16/01/2009 17:18] - "C:\Documents and Settings\Jean Paul\Application Data\drivers\srosa.sys"
    Found ! [16/01/2009 17:18] - "C:\Documents and Settings\Jean Paul\Application Data\drivers\srosa2.sys"
    Found ! [06/06/2005 05:09] - "C:\Documents and Settings\Jean Paul\Application Data\drivers\winupgro.exe"
    Found ! [16/01/2009 17:23] - "C:\Documents and Settings\Jean Paul\Application Data\drivers\downld"

    »»»» Presence des fichiers dans C:\DOCUME~1\JEANPA~1\LOCALS~1\Temp

    --------------- [ Registre / Startup ] ----------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
    Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
    H/PC Connection Agent="D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    EPSON Stylus DX4400 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S104.tmp" /EF "HKCU"
    vmnem="c:\documents and settings\jean paul\local settings\application data\vmnem.exe" vmnem
    swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    UVS10 Preload=d:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    ntiMUI=c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    MediaLifeService="D:\Program Files\MediaLife\MediaLifeService.exe"
    LaunchApp=Alaunch
    IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    IMEKRMIG6.1=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    eRecoveryService=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    ehTray=C:\WINDOWS\ehome\ehtray.exe
    Creative WebCam Tray=C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    Acer Empowering Technology Monitor=C:\WINDOWS\system32\SysMonitor.exe
    eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    AppleSyncNotifier=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    Adobe Photo Downloader="D:\Program Files\3.2\Apps\apdproxy.exe"
    EoEngine=
    _BackupService="D:\Program Files\Astase\UltraBackup\4.9\bin\tbs.exe" -start
    thnotify="D:\Program Files\Astase\UltraBackup\4.9\bin\thtrayagent.exe" /start
    QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
    iTunesHelper="D:\Program Files\iTunes\iTunesHelper.exe"
    SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
    RTHDCPL=RTHDCPL.EXE
    Alcmtr=ALCMTR.EXE
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
    NoChange=1
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
    Installed=1
    <NO NAME>=

    [HKEY_CURRENT_USER\software\local appwizard-generated applications\install_patch]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\Kodak EasyShare]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\Launch Tool]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\MMDiag]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\msmsgs]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\NTI WaveEditor]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\Registrar]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\SmaPanel]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\TestProg]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\vscap]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

    --------------- [ Registre / Clés infectieuses ] ----------------

    Found ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\Local AppWizard-Generated Applications\install_patch
    Found ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\Local AppWizard-Generated Applications\winupgro
    Found ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\bisoft
    Found ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\DateTime4
    Found ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\FFC
    Found ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\FirtR
    Found ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\MuleAppData
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_patch
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
    Found ! - HKEY_CURRENT_USER\Software\bisoft
    Found ! - HKEY_CURRENT_USER\Software\DateTime4
    Found ! - HKEY_CURRENT_USER\Software\FirtR

    /!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
    /!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

    --------------- [ Etat / Services ] ----------------

    Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

    /!\ Mode sans echec non fonctionnel !!

    Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

    /!\ Mode sans echec non fonctionnel !!

    Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

    /!\ Mode sans echec non fonctionnel !!

    +- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

    /!\ Ndisuio - Type de démarrage = 4

    EapHost - Type de démarrage = 3

    /!\ Ip6Fw - Type de démarrage = 4

    /!\ SharedAccess - Type de démarrage = 4

    /!\ wuauserv - Type de démarrage = 4

    /!\ wscsvc - Type de démarrage = 4

    --------------- [ Recherche dans supports amovibles] ----------------

    +- Informations :

    C: - Lecteur fixe

    D: - Lecteur fixe

    J: - Lecteur fixe

    +- presence des fichiers :

    --------------- [ Registre / Mountpoint2 ] ----------------

    -> Not found !

    ------------------- ! Fin du rapport ! --------------------
    0
  8. V-X
     
    Re,

    Findykill de chiquitine29 option 2:

    ▶ Branche tes disques amovibles à ton PC ( (clefs USB, disque dur externe, etc...) sans les ouvrir

    ▶ Double-clique sur le raccourci FindyKill sur ton bureau

    ▶ Au menu principal, choisisl'option 2 (Suppression)

    /!\ Il y aura 2 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué" /!\

    ▶ Ensuite, poste le rapport FindyKill.txt

    Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
  9. papypolo Messages postés 38 Statut Membre
     
    ----------------- FindyKill V4.712 ------------------

    * User : Jean Paul - ACER
    * executed from : C:\Program Files\FindyKill
    * Update on 14/01/09 par Chiquitine29
    * Start at 18:09:38 the 16/01/2009
    * Windows XP - Internet Explorer 7.0.5730.13

    ((((((((((((((( *** deleting *** ))))))))))))))))))

    --------------- [ Active Processes ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\userinit.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    --------------- [ Infected files / folders ] ----------------

    »»»» Supression files in C:

    »»»» Supression files in C:\WINDOWS

    »»»» Supression files in C:\WINDOWS\Prefetch

    Deleted ! - C:\WINDOWS\prefetch\130203.EXE-23F76B78.pf
    Deleted ! - C:\WINDOWS\prefetch\14751640.EXE-280FC5E6.pf
    Deleted ! - C:\WINDOWS\prefetch\14801812.EXE-0E0B75E1.pf
    Deleted ! - C:\WINDOWS\prefetch\14809750.EXE-33371CC2.pf
    Deleted ! - C:\WINDOWS\prefetch\14857531.EXE-0C5600F0.pf
    Deleted ! - C:\WINDOWS\prefetch\14900484.EXE-0ADE99F3.pf
    Deleted ! - C:\WINDOWS\prefetch\14910281.EXE-38D96029.pf
    Deleted ! - C:\WINDOWS\prefetch\15029406.EXE-13C906BB.pf
    Deleted ! - C:\WINDOWS\prefetch\15055390.EXE-214775E3.pf
    Deleted ! - C:\WINDOWS\prefetch\186890.EXE-2BBE5F4A.pf
    Deleted ! - C:\WINDOWS\prefetch\193156.EXE-3AC59381.pf
    Deleted ! - C:\WINDOWS\prefetch\207968.EXE-0A79DB50.pf
    Deleted ! - C:\WINDOWS\prefetch\236171.EXE-2A7B3B25.pf
    Deleted ! - C:\WINDOWS\prefetch\250828.EXE-02F1D6D9.pf
    Deleted ! - C:\WINDOWS\prefetch\29571343.EXE-236246E1.pf
    Deleted ! - C:\WINDOWS\prefetch\29664046.EXE-3B96B0EC.pf
    Deleted ! - C:\WINDOWS\prefetch\324812.EXE-1D1D1DDC.pf
    Deleted ! - C:\WINDOWS\prefetch\430734.EXE-1A815365.pf
    Deleted ! - C:\WINDOWS\prefetch\44110781.EXE-0659F9D1.pf
    Deleted ! - C:\WINDOWS\prefetch\44153796.EXE-17E88BE6.pf
    Deleted ! - C:\WINDOWS\prefetch\44267187.EXE-2465EA26.pf
    Deleted ! - C:\WINDOWS\prefetch\44299640.EXE-17E47E0C.pf
    Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-00D2F877.pf
    Deleted ! - C:\WINDOWS\prefetch\INSTALL_PATCH.EXE-1F0515D9.pf
    Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-0EF461CE.pf
    Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-377E42D4.pf
    Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-02D2AA6C.pf

    »»»» Supression files in C:\WINDOWS\system32

    Deleted ! - C:\WINDOWS\system32\mdelk.exe
    Deleted ! - C:\WINDOWS\system32\wintems.exe
    Deleted ! - C:\WINDOWS\system32\ban_list.txt

    »»»» Supression files in C:\WINDOWS\system32\drivers

    »»»» Supression files in C:\Documents and Settings\Jean Paul\Application Data

    Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\m\flec006.exe"
    Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\m\list.oct"
    Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\m\data.oct"
    Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\m\srvlist.oct"
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\!Cellphone Nokia Sony Ericsson Siemens.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\.Kaspersky.Security.Suite.Personal.(Keygen).zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\3X0-103 - Linux Networking (Level 1) Practice Exam Questions 1.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\404
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\A Smaller Image 3.1.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\A3D JMapping 1.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Abcc All Video Converter Pro 5.1.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\ABCPix 2.13.1.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Advanced Batch Filter 3.51 Bulid20050711.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Affinity 1.4.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\All Video Converter Pack.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Alternate's ASCII Artist 2.0.1.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Any Video Converter Pro 2.6.7.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\ApexSQL Enforce 2008.02.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Aspose.Tasks for .Net (formerly Aspose.Project) 1.6.2.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\AVG.Anti-Virus.v7.1.362.Incl.Keygen-SSG.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Baby Names 1.0.1.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Billy Budd 1.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\BlueMarket Lite 1.4.3118.26184.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Book Text Mark 1.1.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\BOS Desk Drive 1.6.9.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\bulletcalculatordtmv 0.1.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\CD Player 1.71.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Christmas Snowflakes Screensaver 1.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Content Preferences 0.4.1.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Cool FLV Flash to All Video Converter 6.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Crack.Panda.Antivirus.Titanium.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\DayCalc 1.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\DBF Viewer Plus 1.50.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Drive Info 1.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\E-Zsoft DVD to iPod Converter 5.0.16.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\EASEUS Partition Manager Home Edition 3.0.1.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Easy Photo Recovery 2.4.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Effective-Word 2.001.012.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\EWDraw 5.5.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Ewido.Anti-Malware.3.5-RegPatch_CiM.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Extended System Tray 1.1.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Fatman ScreenMate 1.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Field Day Contest Log 2.8.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Firesomething 1.8.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\First Alert Service Monitor 08.11.17.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Floppy Madness v1.00.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Focus VideoPhone 3.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Form 1099-S Proceeds from Real Estate Transactions 1.01.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Formulas 3.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Fractal Snowflake Generator 1.4.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Free Audio CD to MP3 Converter 3.1.0.1.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\FreeStar CD Burner Software 1.0.2.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Gexonic E-Mail Notifier 1.0.2 Build 16.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Groovy backgrounds 25.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Handy Estimator Full 4.1.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\HQFax Beta-9.2.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Html Advert Creator 1.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Impulse 3.10.340 Build 942.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\iReveal 1.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Ivan DVD Ripper 1.11.1.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\JNG Format Plugin 0.8.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\JSW
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Kaspersky.Anti.Virus.v6.0.0.299.German.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Kitchen Table Talk Screensaver 1.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\LenMus Phonascus 3.6.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Lenogo Video to iPod Converter 4.2.1.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\LingvoSoft Learning PhraseBook 2008 Russian - Armenian 2.3.90.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Maxapt QuickEye Enterprise 2.7.2.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Mcafee.Virusscan.Enterprise.8.0I.Cumulative.Patch.14.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\MKB Backup Solution 1.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Mojo 1.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Money Decoder 1.1.4.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Monkey 1.02.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Morning Paper 1.92.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Music Database 2000 2.254.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\NDD MovieBank 1.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Nemesis 3.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Network Packet Analyzer CAPSA 6.9 Build 1143.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\NeuroSpy 0.9.1.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\NoteWorthy Composer 1.75c.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Office Tracker Scheduling Software 6.5.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Party Babes 2004 1.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Pazera Free 3GP to AVI Converter 1.2.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\PC OMR 8.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Perfect Day
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Personal Serial Communications Library for Pascal 6.2.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Petals in the Wind 1.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Pick-a-Proxy Toolbar 1.3.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Portable Bezier Curve Path Generator 1.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\PS2-Mobile.Suite.Gundam.Seed.NTSC_Multi5_DVDFull_.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Puppy Toes Pedigree Generator 4.0 Build 134.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\ReaSoft Data Backup 1.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Receipt Book Manager 6.8.4.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Recipe Database .9b.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Rich Text Icon Collection 1.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\RSP Encrypt .Net 1.0.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Salsa Rhythm Machine 3.0.2.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Simple Calculator 1.1.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Small Stella 4.1.1.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Sophos.Antivirus.v4.5.10.R2.Win9xME.Multilingual-DVT.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Splendid City Sports Scheduler Lite 6.6.3.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\SpywareBlaster 4.1.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Star ASF Converter 1.2.1.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Startup Sentry 2.20.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Sun and Moon World Map 1.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\SunoSoft S-Crypto II 2.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Symantec_Norton_Antivirus_Corporate_10.1.5.5000_Fr_[Gathaka].zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Syncronize Backup 1.37.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Tab Slideshow 2.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\TapTap Hotkey Extender 1.03.01.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Tesseract PAD Submitter 2.2.6 Build 97.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\The Good Shepherd Screensaver.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Time & Chaos 7.0.3.6.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\TjanEverGauge.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\TOP RingTones for Mobile Phones.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\TrayIt! 4.6.5.5.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\TrendCatch FX 4.2.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Undelete Memory Stick 1.6 Build 789.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\UniDirect .NET Data Provider 2.05.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\VeriFinger Extended SDK 6.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\VisioForge Video Capture ActiveX Edition 3.2.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Voxengo OldSkoolVerb 1.4.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Vypress Chat 2.1.5.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\WAP WBMP Export 1.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\WebPic Deluxe 2.0.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Windows Media Stream Recorder 11.2.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\WordFinder 2.1.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\Xitami 2.5c2 beta.zip
    Deleted ! - C:\Documents and Settings\Jean Paul\Application Data\m\shared\XP Tools Software Aquarium Screensaver 1.0.zip
    Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\m\shared"
    Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\m"
    Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\drivers\srosa.sys"
    Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\drivers\srosa2.sys"
    Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\drivers\winupgro.exe"
    Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\drivers\downld"
    Deleted ! - "C:\Documents and Settings\Jean Paul\Application Data\drivers"

    »»»» Supression files in C:\DOCUME~1\JEANPA~1\LOCALS~1\Temp

    »»»» Supression files in C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5

    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\1MB4YC06\b64[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\1MB4YC06\b64[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\1MB4YC06\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\38I038NS\b64[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\38I038NS\b64[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\38I038NS\b64[3].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\38I038NS\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\38I038NS\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\38I038NS\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\68I43U4M\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\68I43U4M\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\68I43U4M\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\6GZNOK1Q\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\6GZNOK1Q\b64_3[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\7BX4V8WZ\b64[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\7BX4V8WZ\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\FIXIIWO5\b64[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\FIXIIWO5\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\FIXIIWO5\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\IMZN7QLW\b64[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\IMZN7QLW\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\IMZN7QLW\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\IMZN7QLW\b64_3[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\INJI46SE\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\INJI46SE\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\INJI46SE\b64_1[3].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\INJI46SE\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\INJI46SE\b64_3[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\INJI46SE\b64_3[3].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\IU7RQOHX\b64[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\IU7RQOHX\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\IU7RQOHX\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\IU7RQOHX\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\LR1KWK0E\b64[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\LR1KWK0E\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\LR1KWK0E\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\LR1KWK0E\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\LR1KWK0E\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\LR1KWK0E\b64_3[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\LR1KWK0E\b64_5[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\N10CC36S\b64[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\N10CC36S\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\N10CC36S\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\N10CC36S\b64_2[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\NJOKTIIY\b64[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\NJOKTIIY\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\NJOKTIIY\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\NJOKTIIY\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\NJOKTIIY\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\NJOKTIIY\b64_3[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\NJOKTIIY\b64_3[3].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\NYXCT1GK\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\NYXCT1GK\b64_3[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\OJCXX9PG\file[1].txt
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\VJRYJG39\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\VJRYJG39\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\VJRYJG39\b64_1[3].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\VJRYJG39\b64_1[4].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\VJRYJG39\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\VJRYJG39\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\VJRYJG39\b64_3[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\VJRYJG39\b64_3[3].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\WZ5ASUT8\b64[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\YAT7XM2J\b64[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\YAT7XM2J\b64[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\YAT7XM2J\b64[3].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\YAT7XM2J\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\YAT7XM2J\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\YAT7XM2J\b64_1[3].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\YAT7XM2J\b64_1[4].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\YAT7XM2J\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\YAT7XM2J\mxd[2].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\YD3EBK3L\b64[1].jpg
    Deleted ! - C:\Documents and Settings\Jean Paul\Local Settings\Temporary Internet Files\Content.IE5\YD3EBK3L\b64_3[1].jpg

    --------------- [ Registry / Infected keys ] ----------------

    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
    Deleted ! - HKEY_CURRENT_USER\Software\bisoft
    Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
    Deleted ! - HKEY_CURRENT_USER\Software\FirtR
    Deleted ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\Local AppWizard-Generated Applications\install_patch
    Deleted ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\Local AppWizard-Generated Applications\winupgro
    Deleted ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\FFC
    Deleted ! - HKEY_USERS\S-1-5-21-764285804-3406065394-1520709032-1005\Software\MuleAppData

    --------------- [ States / Restarting of services ] ----------------

    +- Safe boot mode restored !

    +- Services : [ Auto=2 / Request=3 / Disable=4 ]

    Ndisuio - Type of startup = 3

    EapHost - Type of startup = 2

    Ip6Fw - Type of startup = 2

    SharedAccess - Type of startup = 2

    wuauserv - Type of startup = 2

    wscsvc - Type of startup = 2

    --------------- [ Cleaning removable drives ] ----------------

    +- Informations :

    C: - Lecteur fixe

    D: - Lecteur fixe

    F: - Lecteur amovible

    J: - Lecteur fixe

    +- deleting files :

    --------------- [ Registry / Mountpoint2 ] ----------------

    -> Not found !

    --------------- [ Searching Other Infections ] ----------------

    Références de comparaison Bagle MD5 :

    113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\mdelk.exe
    113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\wintems.exe
    ebe38e2fcd97bfaf184cd5386100b529 C:\Documents and Settings\Jean Paul\Application Data\drivers\winupgro.exe

    Suspect ! - ebe38e2fcd97bfaf184cd5386100b529 C:\Program Files\Messenger\msmsgs.exe
    Suspect ! - 64f497dace34ea0c38569c4c0549fe03 C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP115\A0028565.exe
    Suspect ! - ebe38e2fcd97bfaf184cd5386100b529 C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032435.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032444.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032459.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032491.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032515.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032520.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032537.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032564.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032611.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032613.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032624.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032644.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032656.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032657.exe
    Suspect ! - 9c498d9305a5014caf113709499e093a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032666.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032675.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032694.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032729.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032748.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032764.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032777.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032794.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032809.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032823.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032828.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032850.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032880.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032894.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032908.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032930.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032940.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032959.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032960.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032977.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0032996.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0033010.exe
    Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0033040.exe

    --------------- [ Searching Cracks / Keygen ] ----------------

    ---------------- ! End of report ! ------------------
    0
  10. V-X
     
    Re,

    ▶ Télécharge hijackthis

    ▶ Enregistre la cible sous .... "le bureau"

    ▶ Fais un double-clic sur "HJTInstall.exe" afin de lancer l'installation

    ▶ Clique sur Install ensuite sur "I Accept"

    ▶ Clique sur" Do a scan system and save log file"

    ▶ Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

    ▶ Tuto hijackthis(Merci à Balltrap34)

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
  11. papypolo Messages postés 38 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:27:57, on 16/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    D:\Program Files\Astase\UltraBackup\4.9\bin\thpassiveclientsvc.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.grapi.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: EoBho - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [UVS10 Preload] d:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [MediaLifeService] "D:\Program Files\MediaLife\MediaLifeService.exe"
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [_BackupService] "D:\Program Files\Astase\UltraBackup\4.9\bin\tbs.exe" -start
    O4 - HKLM\..\Run: [thnotify] "D:\Program Files\Astase\UltraBackup\4.9\bin\thtrayagent.exe" /start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S104.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [vmnem] "c:\documents and settings\jean paul\local settings\application data\vmnem.exe" vmnem
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Jean Paul\Application Data\drivers\winupgro.exe
    O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
    O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Jean Paul\Application Data\m\flec006.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE (User 'SYSTEM')
    O4 - S-1-5-18 Startup: World Community Grid - BOINC Manager.lnk = D:\Program Files\BOINC\boincmgr.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE (User 'Default user')
    O4 - .DEFAULT Startup: World Community Grid - BOINC Manager.lnk = D:\Program Files\BOINC\boincmgr.exe (User 'Default user')
    O4 - Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE
    O4 - Startup: World Community Grid - BOINC Manager.lnk = D:\Program Files\BOINC\boincmgr.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm082YYFR
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~2\MICROS~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~2\MICROS~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~2\MICROS~1\INetRepl.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
    O16 - DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} (TNSClickerb.Clicker) - http://www.consoclicker.com/TNSClickrb.CAB
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
    O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.fr/
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
    O17 - HKLM\System\CCS\Services\Tcpip\..\{501AB30F-8BB2-4826-B129-177AA34C539A}: NameServer = 212.27.53.252,212.27.54.252
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
    O23 - Service: Astase ThalliumBackup Client Background Service (thpassivesvc) - Astase - D:\Program Files\Astase\UltraBackup\4.9\bin\thpassiveclientsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    0
  12. V-X
     
    Re,

    Télécharge et installe MalwareByte's Anti-Malware
    Malwarebyte

    Mets le à jour

    ▶ Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.

    ▶ Sélectionne Exécuter un examen complet si ce n'est pas déjà fait

    ▶ clique sur Rechercher

    ▶ Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

    Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

    Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

    Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

    Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.

    Tutoriel pour MalwareByte's
    0
  13. V-X
     
    Re,

    Aussi si tu utiliser avast comme antivirus je te conseil de mettre celui là:

    ▶ D'installer cet Antivirus:

    ANTIVIR

    ▶ Double-clique sur l'icône d'Antivir (Parapluie) dans la barre des tâches.

    ▶ Dans Antivir, choisis Outils puis Configuration.

    ▶ Coche Mode Expert et coche Rech. Rootkit au dém. de la recherche à droite dans Autres réglages.

    Avast et Antivir : comparaisons, et passage à Antivir.

    ▶ Fait la mise à jour d'antivir
    0
  14. papypolo Messages postés 38 Statut Membre
     
    Malwarebytes' Anti-Malware 1.33
    Version de la base de données: 1659
    Windows 5.1.2600 Service Pack 3

    16/01/2009 18:39:48
    mbam-log-2009-01-16 (18-39-48).txt

    Type de recherche: Examen rapide
    Eléments examinés: 63561
    Temps écoulé: 3 minute(s), 4 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 22
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 11
    Fichier(s) infecté(s): 12

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jean Paul\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jean Paul\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jean Paul\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Documents and Settings\Jean Paul\Local Settings\Application Data\vmnem_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jean Paul\Local Settings\Application Data\vmnem_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jean Paul\Local Settings\Application Data\vmnem.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jean Paul\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jean Paul\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jean Paul\Application Data\RegistrySmart\Log\log_2007_04_12_08_52_29.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jean Paul\Application Data\RegistrySmart\Log\log_2007_04_12_08_52_30.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jean Paul\Application Data\RegistrySmart\Registry Backups\2007-04-12_08-54-39.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    0
  15. V-X
     
    Re,

    Redémarre ton pc normalement et fait ce qui suit:

    ▶ Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :

    /!\ Déconnectes toi et fermes toutes applications en cours/!\

    ● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
    ● Double clique sur l'icône Ad-removersituée sur ton bureau
    ● Au menu principal choisi l'option "A"
    ● Postes le rapport qui apparait à la fin .

    ( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note :

    "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    0
  16. papypolo Messages postés 38 Statut Membre
     
    ------- Logfile of AD-Remover 1.0.9.1 | ONLY XP/VISTA -------

    Updated by C_XX on 14/01/2009 at 20:00

    START AT: 18:54:21 | Ven 16/01/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
    BOOT MODE: Normal
    OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
    PC: ACER | USER: Jean Paul ( Current user is an administrator)
    DRIVE(S):
    - C:\ (File System: NTFS)
    - D:\ (File System: FAT32)
    - F:\ (File System: FAT)
    - J:\ (File System: NTFS)
    System Drive: C:\
    Windows Directory: C:\WINDOWS\
    System Directory: C:\WINDOWS\system32\

    --- RUNNING PROCESSES: 59

    +--------------------| Boonty/Boonty Games Elements found :

    .
    .

    +--------------------| Eorezo Elements found :

    .
    HKCR\EoRezoBHO.EoBho
    HKCR\EoRezoBHO.EoBho.1
    HKCU\SOFTWARE\EoRezo
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\SOFTWARE\EoRezo
    HKLM\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
    HKLM\SOFTWARE\Classes\AppID\EoRezoBHO.DLL
    HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\EoEngine
    .
    C:\Documents and Settings\Jean Paul\Application Data\EoRezo
    C:\Documents and Settings\Jean Paul\Application Data\EoRezo\cmhost.cyp
    C:\Documents and Settings\Jean Paul\Application Data\EoRezo\ConfMedia.cyp
    C:\Documents and Settings\Jean Paul\Application Data\EoRezo\db
    C:\Documents and Settings\Jean Paul\Application Data\EoRezo\eoDesktop
    C:\Documents and Settings\Jean Paul\Application Data\EoRezo\host.cyp
    C:\Documents and Settings\Jean Paul\Application Data\EoRezo\user.cyp
    C:\Documents and Settings\Jean Paul\Application Data\EoRezo\db\cat.cyp
    C:\Documents and Settings\Jean Paul\Application Data\EoRezo\eoDesktop\config.xml
    C:\Documents and Settings\Jean Paul\Application Data\EoRezo\eoDesktop\eoDesktop.html
    C:\Documents and Settings\Jean Paul\Application Data\EoRezo\eoDesktop\userConfig.xml
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@ads.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@eorezo[2].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache.eorezo[2].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache0.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache0.eorezo[2].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache1.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache2.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache3.eorezo[2].txt

    +--------------------| Everest Casino/Everest Poker Elements found :

    .
    .

    +--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

    .
    HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
    HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search
    .
    C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.0.15-3.inf
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@mywebsearch[1].txt

    +--------------------| It's TV Elements found :

    .

    +--------------------| Sweetim Elements found :

    .
    .

    +--------------------| ADDED SCAN :

    +---------- Scanning prefs.js ... ( # Mozilla User Preferences )

    ..\b3toa7st.default\prefs.js :

    ~~~~ Mozilla FireFox version 2.0.0.1 ~~~~

    * Browser Startup HomePage: "http://www.grapi.net/"

    .

    +---------------------------------------------------------------------------+

    ~~~~ Internet Explorer version 7.0.5730.13 ~~~~

    +--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

    Start Page : hxxp://www.grapi.net/

    +--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

    Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157

    +---------------------------------------------------------------------------+

    [~4106 bytes] - "C:\AD-report-Scan-16.01.2009.log"

    END AT: 18:55:24 | 16/01/2009 - Time elapsed: 63.3 seconds

    +---------------------------------------------------------------------------+
    +------------------------------- [ E.O.F - 81 lines ]
    +---------------------------------------------------------------------------+
    0
  17. V-X
     
    Re,

    /!\ Déconnectes toi et fermes toutes applications en cours /!\

    ▶ Relances "Ad-remover" : au menu principal choisi l'option "B" .

    http://apu.mabul.org/up/apu/2008/11/19/img-221318q2g03.jpg

    ▶ Ensuite coche:

    Eorezo=>Entré
    MyWebSearch=>Entré

    ▶ Puis "S"

    ▶ le programme va travailler ...

    ▶ Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ...

    ( le rapport est sauvegardé aussi sous C:\Ad-report.log )

    /!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\
    0
  18. papypolo Messages postés 38 Statut Membre
     
    ------- Logfile of AD-Remover 1.0.9.1 | ONLY XP/VISTA -------

    Updated by C_XX on 14/01/2009 at 20:00

    *** Limited to ***

    Eorezo
    Funwebproduct/MyWay/MyWebsearch

    ******************

    START AT: 19:10:29 | Ven 16/01/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
    BOOT MODE: Normal
    OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
    PC: ACER | USER: Jean Paul ( Current user is an administrator)
    DRIVE(S):
    - C:\ (File System: NTFS)
    - D:\ (File System: FAT32)
    - F:\ (File System: FAT)
    - J:\ (File System: NTFS)
    System Drive: C:\
    Windows Directory: C:\WINDOWS\
    System Directory: C:\WINDOWS\system32\

    --- RUNNING PROCESSES: 56

    (!) ---- IE start pages reset

    +--------------------| Eorezo Elements Deleted :

    .
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\EoEngine
    HKCR\EoRezoBHO.EoBho
    HKCR\EoRezoBHO.EoBho.1
    HKCU\SOFTWARE\EoRezo
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\SOFTWARE\EoRezo
    HKLM\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
    HKLM\SOFTWARE\Classes\AppID\EoRezoBHO.DLL
    HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
    .
    C:\Documents and Settings\Jean Paul\Application Data\EoRezo
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@ads.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@eorezo[2].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache.eorezo[2].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache0.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache0.eorezo[2].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache1.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache2.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache3.eorezo[2].txt

    +--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

    .
    HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
    HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search
    .
    C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.0.15-3.inf
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@mywebsearch[1].txt

    (!) ---- Temp files deleted.
    (!) ---- Recycle bin emptied in all drives.

    +--------------------| ADDED SCAN :

    +---------- Scanning prefs.js ... ( # Mozilla User Preferences )

    ..\b3toa7st.default\prefs.js :

    ~~~~ Mozilla FireFox version 2.0.0.1 ~~~~

    * Browser Startup HomePage: "http://www.grapi.net/"

    .

    +---------------------------------------------------------------------------+

    ~~~~ Internet Explorer version 7.0.5730.13 ~~~~

    +--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

    Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    +--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

    Start Page : hxxp://fr.msn.com/

    +---------------------------------------------------------------------------+

    [~3314 bytes] - "C:\AD-report-Clean-16.01.2009.log"
    [~4438 bytes] - "C:\AD-report-Scan-16.01.2009.log"

    END AT: 19:11:43 | 16/01/2009 - Time elapsed: 74.0 seconds

    +---------------------------------------------------------------------------+
    +------------------------------- [ E.O.F - 67 lines ]
    +---------------------------------------------------------------------------+

    ------- Logfile of AD-Remover 1.0.9.1 | ONLY XP/VISTA -------

    Updated by C_XX on 14/01/2009 at 20:00

    *** Limited to ***

    Eorezo
    Funwebproduct/MyWay/MyWebsearch

    ******************

    START AT: 19:10:29 | Ven 16/01/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
    BOOT MODE: Normal
    OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
    PC: ACER | USER: Jean Paul ( Current user is an administrator)
    DRIVE(S):
    - C:\ (File System: NTFS)
    - D:\ (File System: FAT32)
    - F:\ (File System: FAT)
    - J:\ (File System: NTFS)
    System Drive: C:\
    Windows Directory: C:\WINDOWS\
    System Directory: C:\WINDOWS\system32\

    --- RUNNING PROCESSES: 56

    (!) ---- IE start pages reset

    +--------------------| Eorezo Elements Deleted :

    .
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\EoEngine
    HKCR\EoRezoBHO.EoBho
    HKCR\EoRezoBHO.EoBho.1
    HKCU\SOFTWARE\EoRezo
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\SOFTWARE\EoRezo
    HKLM\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
    HKLM\SOFTWARE\Classes\AppID\EoRezoBHO.DLL
    HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
    .
    C:\Documents and Settings\Jean Paul\Application Data\EoRezo
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@ads.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@eorezo[2].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache.eorezo[2].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache0.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache0.eorezo[2].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache1.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache2.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache3.eorezo[2].txt

    +--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

    .
    HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
    HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search
    .
    C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.0.15-3.inf
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@mywebsearch[1].txt

    (!) ---- Temp files deleted.
    (!) ---- Recycle bin emptied in all drives.

    +--------------------| ADDED SCAN :

    +---------- Scanning prefs.js ... ( # Mozilla User Preferences )

    ..\b3toa7st.default\prefs.js :

    ~~~~ Mozilla FireFox version 2.0.0.1 ~~~~

    * Browser Startup HomePage: "http://www.grapi.net/"

    .

    +---------------------------------------------------------------------------+

    ~~~~ Internet Explorer version 7.0.5730.13 ~~~~

    +--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

    Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    +--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

    Start Page : hxxp://fr.msn.com/

    +---------------------------------------------------------------------------+

    [~3314 bytes] - "C:\AD-report-Clean-16.01.2009.log"
    [~4438 bytes] - "C:\AD-report-Scan-16.01.2009.log"

    END AT: 19:11:43 | 16/01/2009 - Time elapsed: 74.0 seconds

    +---------------------------------------------------------------------------+
    +------------------------------- [ E.O.F - 67 lines ]
    +---------------------------------------------------------------------------+

    ------- Logfile of AD-Remover 1.0.9.1 | ONLY XP/VISTA -------

    Updated by C_XX on 14/01/2009 at 20:00

    *** Limited to ***

    Eorezo
    Funwebproduct/MyWay/MyWebsearch

    ******************

    START AT: 19:10:29 | Ven 16/01/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
    BOOT MODE: Normal
    OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
    PC: ACER | USER: Jean Paul ( Current user is an administrator)
    DRIVE(S):
    - C:\ (File System: NTFS)
    - D:\ (File System: FAT32)
    - F:\ (File System: FAT)
    - J:\ (File System: NTFS)
    System Drive: C:\
    Windows Directory: C:\WINDOWS\
    System Directory: C:\WINDOWS\system32\

    --- RUNNING PROCESSES: 56

    (!) ---- IE start pages reset

    +--------------------| Eorezo Elements Deleted :

    .
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\EoEngine
    HKCR\EoRezoBHO.EoBho
    HKCR\EoRezoBHO.EoBho.1
    HKCU\SOFTWARE\EoRezo
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\SOFTWARE\EoRezo
    HKLM\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
    HKLM\SOFTWARE\Classes\AppID\EoRezoBHO.DLL
    HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
    .
    C:\Documents and Settings\Jean Paul\Application Data\EoRezo
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@ads.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@eorezo[2].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache.eorezo[2].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache0.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache0.eorezo[2].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache1.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache2.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache3.eorezo[2].txt

    +--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

    .
    HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
    HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search
    .
    C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.0.15-3.inf
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@mywebsearch[1].txt

    (!) ---- Temp files deleted.
    (!) ---- Recycle bin emptied in all drives.

    +--------------------| ADDED SCAN :

    +---------- Scanning prefs.js ... ( # Mozilla User Preferences )

    ..\b3toa7st.default\prefs.js :

    ~~~~ Mozilla FireFox version 2.0.0.1 ~~~~

    * Browser Startup HomePage: "http://www.grapi.net/"

    .

    +---------------------------------------------------------------------------+

    ~~~~ Internet Explorer version 7.0.5730.13 ~~~~

    +--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

    Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    +--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

    Start Page : hxxp://fr.msn.com/

    +---------------------------------------------------------------------------+

    [~3314 bytes] - "C:\AD-report-Clean-16.01.2009.log"
    [~4438 bytes] - "C:\AD-report-Scan-16.01.2009.log"

    END AT: 19:11:43 | 16/01/2009 - Time elapsed: 74.0 seconds

    +---------------------------------------------------------------------------+
    +------------------------------- [ E.O.F - 67 lines ]
    +---------------------------------------------------------------------------+

    ------- Logfile of AD-Remover 1.0.9.1 | ONLY XP/VISTA -------

    Updated by C_XX on 14/01/2009 at 20:00

    *** Limited to ***

    Eorezo
    Funwebproduct/MyWay/MyWebsearch

    ******************

    START AT: 19:10:29 | Ven 16/01/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
    BOOT MODE: Normal
    OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
    PC: ACER | USER: Jean Paul ( Current user is an administrator)
    DRIVE(S):
    - C:\ (File System: NTFS)
    - D:\ (File System: FAT32)
    - F:\ (File System: FAT)
    - J:\ (File System: NTFS)
    System Drive: C:\
    Windows Directory: C:\WINDOWS\
    System Directory: C:\WINDOWS\system32\

    --- RUNNING PROCESSES: 56

    (!) ---- IE start pages reset

    +--------------------| Eorezo Elements Deleted :

    .
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\EoEngine
    HKCR\EoRezoBHO.EoBho
    HKCR\EoRezoBHO.EoBho.1
    HKCU\SOFTWARE\EoRezo
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\SOFTWARE\EoRezo
    HKLM\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
    HKLM\SOFTWARE\Classes\AppID\EoRezoBHO.DLL
    HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
    .
    C:\Documents and Settings\Jean Paul\Application Data\EoRezo
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@ads.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@eorezo[2].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache.eorezo[2].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache0.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache0.eorezo[2].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache1.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache2.eorezo[1].txt
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@scache3.eorezo[2].txt

    +--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

    .
    HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
    HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search
    .
    C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.0.15-3.inf
    C:\Documents and Settings\Jean Paul\Cookies\jean_paul@mywebsearch[1].txt

    (!) ---- Temp files deleted.
    (!) ---- Recycle bin emptied in all drives.

    +--------------------| ADDED SCAN :

    +---------- Scanning prefs.js ... ( # Mozilla User Preferences )

    ..\b3toa7st.default\prefs.js :

    ~~~~ Mozilla FireFox version 2.0.0.1 ~~~~

    * Browser Startup HomePage: "http://www.grapi.net/"

    .

    +---------------------------------------------------------------------------+

    ~~~~ Internet Explorer version 7.0.5730.13 ~~~~

    +--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

    Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    +--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

    Start Page : hxxp://fr.msn.com/

    +---------------------------------------------------------------------------+

    [~3314 bytes] - "C:\AD-report-Clean-16.01.2009.log"
    [~4438 bytes] - "C:\AD-report-Scan-16.01.2009.log"

    END AT: 19:11:43 | 16/01/2009 - Time elapsed: 74.0 seconds

    +---------------------------------------------------------------------------+
    +------------------------------- [ E.O.F - 67 lines ]
    +---------------------------------------------------------------------------+
    0
  19. V-X
     
    Re,

    ▶ Installe NAVILOG1

    Remarque concernant la détection de Navilog1 par certains programmes de sécurités :

    ▶ Certains fichiers de Navilog1.exe peuvent être considérés comme dangereux et donc supprimés ou neutralisés par certains programmes de sécurités. Ce sont des faux positifs et dans certains cas, vous serez amener à désactiver votre protection le temps du téléchargement/utilisation de Navilog1.
    / !\ Déconnecte toi du net et désactive ton antivirus et antispyware résident pour que Navilog1 puisse s'exécuter normalement. / !\

    Le lancement de l'installation de Navilog1 se fait en exécutant Navilog1.exe

    (Si vous avez téléchargé navilog1.zip, Veuillez auparavant décompresser ce fichier)

    Une fois l'installation terminé, pour lancer le fix :

    - en utilisant le raccourci crée sur le bureau : Navilog1

    - Via le poste de travail, en exécutant le fichier Navilog1.bat se trouvant dans %program files%Navilog1

    Après le choix de la langue et les messages d'avertissement, le menu s'affiche.

    Faite le choix 1

    Effectue la vérification du système à la recherche de l'adware. Un scan avec catchme de GMER est également éffectué pour Windows XP. Cette analyse peut durer une dizaine de minutes. Patientez alors jusqu'au message «Analyse terminée le ....». Appuyez sur une touche comme demandé et le bloc note va souvrir , Enregistrez-le sur votre disque. Puis Ouvrez-le et Copiez-Collez l'intégralité de ce rapport sur le forum qui vous l'auras demandé.

    (si le bloc-note ne s'ouvre pas : Rendez-vous dans votre poste de travail, à la racine du disque C vous trouverez le rapport sous le nom de fixnavi.txt)

    Attention : Ne lancez-pas la partie désinfection (choix 2, 3 ou 4) sans l'avis/accord express de l'Helper qui vous as pris en charge sur le forum d'aide ou vous aurez exposer votre problème.

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
  20. papypolo Messages postés 38 Statut Membre
     
    Grand merci à V-X pour son aide.
    Après toutes ces manip. , hier soir j'ai voulu voir si mon système refonctionnait avant de faire la dernière manip que vous m'indiquiez.
    J'ai commencé par une mise à jour de windows qui a fonctionnée.
    J'ai rechargé Avira et ai effectué un scan qui m'a encore éliminé quelques troj (j'ai le rapport)
    J'ai passé spybot ok et malware ok.
    La situation semble rétabli, Au départ de mon problème le virus m'avait supprimé l'accés au son, il ne reconnaissait plus mes HP, et ensuite j'ai réalisé qu'avira ne fonctionnait plus, pas de mise à jour de windows et la suite.....
    Merci encore
    0
  21. V-X
     
    Re,

    Ce n'est pas fini .

    Passe navilog 1 et poste mpoi le rapport .

    merci
    0
  • 1
  • 2
  • 3