Norton 360 no longer scans
Makito
klodemixtape, Member, 66 posts
Hello, I have Norton 360 and when I try to start a scan, only a window opens and it does not scan any files. I tried to run Windows Update to see whether it was related, and it showed me an error with code 802244019, and the same for Windows Defender. From time to time web pages open on their own, and sometimes when I click a link I end up on a completely different site that tells me the page does not exist. There, I hope I have been precise enough. (Sorry, I don't know much about computers.)
PS: I am on Vista
103 replies
ok ^^ bye, good night
ComboFix 09-06-05.03 - jacob dominique 05/06/2009 23:36.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3326.2212 [GMT 2:00]
Lancé depuis: c:\users\jacob dominique\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Windows Live\Messenger\MsnMsgr.exe
c:\users\IUSR_NMPR\Desktop\PCenter.lnk
c:\users\jacob dominique\AppData\Roaming\.#
c:\users\jacob dominique\AppData\Roaming\.#\MBX@1750@3D2930.###
c:\users\jacob dominique\AppData\Roaming\.#\MBX@1750@3D2960.###
c:\users\jacob dominique\AppData\Roaming\.#\MBX@1750@3D2990.###
c:\users\jacob dominique\AppData\Roaming\PCenter
c:\users\jacob dominique\AppData\Roaming\PCenter\dbases\cg.dat
c:\users\jacob dominique\AppData\Roaming\PCenter\dbases\mw.dat
c:\users\jacob dominique\AppData\Roaming\PCenter\dbases\rd.dat
c:\users\jacob dominique\AppData\Roaming\PCenter\dbases\sc.dat
c:\users\jacob dominique\AppData\Roaming\PCenter\dbases\sm.dat
c:\users\jacob dominique\AppData\Roaming\PCenter\keys\cg.key
c:\users\jacob dominique\AppData\Roaming\PCenter\keys\rd.key
c:\users\jacob dominique\AppData\Roaming\PCenter\keys\sc.key
c:\users\jacob dominique\AppData\Roaming\PCenter\keys\sp.key
c:\users\jacob dominique\AppData\Roaming\PCenter\temp\settings.ini
c:\users\jacob dominique\AppData\Roaming\PCenter\temp\spfilter
c:\users\jacob dominique\Documents\My Documents.url
c:\users\jacob dominique\Favorites\Online Security Test.url
c:\users\JACOBD~1\FAVORI~1\Online Security Test.url
c:\windows\system32\drivers\gxvxcrnxcxgubeetcivrtoempevtfuccejlhp.sys
c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
c:\windows\system32\Drivers\sptd.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcviawcpjrsrddumwdrqhpqsbotbxxdspk.dll
D:\Desktop.ini
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_GXVXCSERV.SYS
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-05 au 2009-06-05 ))))))))))))))))))))))))))))))))))))
.
2009-06-05 21:46 . 2009-06-05 21:46 -------- d-sh--w- \$RECYCLE.BIN
2009-06-05 21:45 . 2009-06-05 21:47 -------- d-----w- c:\users\jacob dominique\AppData\Local\temp
2009-06-05 21:45 . 2009-06-05 21:45 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2009-06-05 21:20 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-05 21:20 . 2009-06-05 21:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-05 21:20 . 2009-06-05 21:20 -------- d-----w- c:\progra~2\Malwarebytes
2009-06-05 21:20 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-05 20:57 . 2009-06-05 21:46 3488931840 --sha-w- \hiberfil.sys
2009-06-05 20:27 . 2009-06-05 21:05 -------- d-----w- C:\WORT
2009-06-05 20:27 . 2009-06-05 21:05 -------- d-----w- \WORT
2009-06-05 20:22 . 2009-06-05 20:24 -------- d-----w- C:\ToolBar SD
2009-06-05 20:22 . 2009-06-05 20:24 -------- d-----w- \ToolBar SD
2009-06-05 20:16 . 2009-06-05 20:55 -------- d-sha-r- \autorun.inf
2009-06-05 20:13 . 2009-06-05 20:18 -------- d-----w- C:\UsbFix
2009-06-05 20:13 . 2009-06-05 20:18 -------- d-----w- \UsbFix
2009-06-05 19:44 . 2009-06-05 19:46 -------- d-----w- c:\program files\trend micro
2009-06-05 19:44 . 2009-06-05 19:44 -------- d-----w- C:\rsit
2009-06-05 19:44 . 2009-06-05 19:44 -------- d-----w- \rsit
2009-06-05 19:28 . 2009-06-05 19:28 -------- d-----w- c:\progra~2\NortonInstaller
2009-06-05 19:03 . 2009-06-05 19:03 -------- d-----w- c:\program files\Spybot
2009-06-05 16:31 . 2009-06-05 18:30 -------- d-----w- c:\program files\a-squared Free
2009-06-05 13:19 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-05 13:19 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-05 13:19 . 2009-06-05 13:19 -------- d-----w- c:\program files\Avira
2009-06-05 13:19 . 2009-06-05 13:19 -------- d-----w- c:\progra~2\Avira
2009-05-26 05:50 . 2009-05-26 05:50 -------- d-----w- c:\program files\Common Files\PCSuite
2009-05-26 05:49 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-05-26 05:49 . 2009-05-26 05:49 -------- d-----w- c:\program files\PC Connectivity Solution
2009-05-21 15:48 . 2009-05-21 15:52 -------- d-----w- c:\program files\VideoLAN
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 21:47 . 2009-02-09 18:02 -------- d-----w- c:\users\jacob dominique\AppData\Roaming\Skype
2009-06-05 21:47 . 2009-02-20 08:33 -------- d-----w- c:\users\jacob dominique\AppData\Roaming\EoRezo
2009-06-05 21:46 . 2008-12-24 07:46 -------- d-----w- c:\users\jacob dominique\AppData\Roaming\DNA
2009-06-05 21:46 . 2008-12-13 17:22 -------- d-----w- c:\program files\Steam
2009-06-05 21:46 . 2009-06-05 20:57 3488931840 --sha-w- \hiberfil.sys
2009-06-05 21:46 . 2007-10-02 07:16 3802542080 --sha-w- \pagefile.sys
2009-06-05 20:48 . 2008-06-06 15:32 8268 ----a-w- c:\users\jacob dominique\AppData\Local\d3d9caps.dat
2009-06-05 20:13 . 2007-10-02 16:52 684170 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-05 20:13 . 2007-10-02 16:52 128226 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-05 20:09 . 2008-12-24 07:46 -------- d-----w- c:\program files\DNA
2009-06-05 20:09 . 2009-02-20 08:33 -------- d-----w- c:\program files\EoRezo
2009-06-05 19:30 . 2007-10-02 07:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-05 19:30 . 2008-07-17 09:49 -------- d-----w- c:\progra~2\Symantec
2009-06-05 19:30 . 2008-01-08 15:10 -------- d-----w- c:\users\jacob dominique\AppData\Roaming\Symantec
2009-06-04 13:17 . 2008-01-08 16:20 189072 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-04 13:15 . 2008-01-08 16:20 138920 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-26 05:50 . 2008-11-28 14:05 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-26 05:48 . 2008-11-28 14:02 -------- d-----w- c:\program files\Nokia
2009-05-26 05:46 . 2008-11-28 13:55 -------- d-----w- c:\progra~2\Installations
2009-05-24 16:30 . 2008-12-13 17:22 -------- d-----w- c:\program files\Common Files\Steam
2009-05-14 15:30 . 2008-02-29 18:46 108 ----a-w- c:\users\jacob dominique\AppData\Roaming\wklnhst.dat
2009-05-14 14:53 . 2008-02-29 18:46 -------- d-----w- c:\users\jacob dominique\AppData\Roaming\Template
2009-05-01 05:34 . 2007-10-02 07:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-01 05:29 . 2008-11-09 17:13 -------- d-----w- c:\program files\Ubisoft
2009-05-01 05:28 . 2008-01-01 10:40 -------- d-----w- c:\progra~2\Microsoft Help
2009-04-29 06:28 . 2007-12-30 09:29 127216 ----a-w- c:\users\jacob dominique\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-29 06:26 . 2007-10-02 07:58 -------- d-----w- c:\program files\Google
2009-04-28 18:32 . 2008-11-03 15:07 -------- d-----w- c:\program files\Yahoo!
2009-04-28 18:25 . 2007-12-31 08:11 -------- d-----w- c:\program files\Red Storm Entertainment
2009-04-28 18:22 . 2008-01-02 10:43 -------- d-----w- c:\program files\EA Games
2009-04-27 15:23 . 2009-02-09 18:05 -------- d-----w- c:\users\jacob dominique\AppData\Roaming\skypePM
2009-04-22 13:39 . 2008-12-13 15:20 -------- d-----w- c:\users\jacob dominique\AppData\Roaming\Hamachi
2009-04-17 14:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-04-15 05:54 . 2007-10-02 07:51 -------- d-----w- c:\program files\Java
2009-04-08 17:39 . 2008-01-01 10:10 -------- d-----w- c:\program files\Windows Live
2009-03-17 03:38 . 2009-04-17 06:16 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 06:16 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-09 03:19 . 2009-01-01 15:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2007-10-02 17:08 . 2007-10-02 16:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Steam"="c:\program files\Steam\Steam.exe" [2009-05-20 1217784]
"BitTorrent DNA"="c:\users\jacob dominique\Program Files\DNA\btdna.exe" [2008-12-30 342848]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Internet Explorer\iexplore.exe" [2009-03-03 636072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-11 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-11 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-11 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"EoEngine"="c:\program files\EoRezo\EoEngine.exe" [2009-02-23 472872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
"SoftwareHelper"="c:\users\jacob dominique\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]
c:\users\jacob dominique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{1FC58CAE-9041-4C88-AE8B-22B3E1D33844}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{DB15055D-6108-4471-8E52-381E24DC59F6}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{48EF378E-A005-4F5C-9076-4EBE23D7E939}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{CCFAFA9C-971D-4A08-9292-5FCB93A5352C}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{0A4E271B-268E-4272-BA6C-1F46C213CD0C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2CC2F3DE-D53A-4371-9813-60B86835C2CB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{799B334F-30AF-47B1-81DC-50D690A26ABB}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{C910AACE-8400-4607-B78E-10F86AFB75B3}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E5172F70-2C02-4192-A165-E6AE95E002D7}"= UDP:c:\program files\Diablo II bis\Diablo II.exe:Diablo II - Lord of Destruction
"{B2899E6C-D6F7-4ECE-A942-F6FBEE363EAF}"= TCP:c:\program files\Diablo II bis\Diablo II.exe:Diablo II - Lord of Destruction
"{F6487791-CA9F-4180-BEDF-3F29A767E3F5}"= UDP:c:\program files\World of Warcraft\Launcher.exe:World of Warcraft
"{FC6BA156-5688-42C9-8A12-03501C0F0705}"= TCP:c:\program files\World of Warcraft\Launcher.exe:World of Warcraft
"{2720D870-0FFC-40E0-B268-05E733C7BE46}"= UDP:3724:Blizzard Downloader
"{07AD213D-35BC-4B08-B028-E6A53AE0BE77}"= UDP:6112:Blizzard Downloader
"TCP Query User{E9F30926-5139-47B2-88ED-0587DE636C09}c:\\program files\\activision\\call of duty (r) 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty (r) 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{004758A0-90E3-4295-A1A6-8A65A438BA13}c:\\program files\\activision\\call of duty (r) 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty (r) 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{2629B0F2-BFB4-4808-882F-E646CDC27B37}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{660103B8-4258-4305-B2A0-E7823EF69166}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{F062FB6C-F8E9-4259-B0A2-3D85AC331AFF}c:\\program files\\activision\\call of duty (r) 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty (r) 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{91B76BA1-372F-4687-9B7C-62DF25BC0177}c:\\program files\\activision\\call of duty (r) 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty (r) 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{4FEDB485-8078-47E3-8D54-FEB60EBBCE9C}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{95156D10-8B1A-48DE-A4E4-E3B3A17F12A0}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{3D2ABA34-85C1-4213-B3D8-177E1FDA8739}"= UDP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{AD78D4CE-EDCB-4531-9B44-16670530DC99}"= TCP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{2385ABC7-128E-43AD-98D1-FC6B358388B8}"= UDP:3724:Blizzard Downloader: 3724
"{A2AFC6FD-F129-499A-8C0A-84746454CE85}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editeur
"{43F1C21F-ED0F-46A8-A4B0-4DC99C6F3338}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editeur
"{07B7B8B5-579D-47C7-9DA9-3E8961291E2D}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{07878A1F-4CB7-457F-9BE9-2CACC243D80D}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{FE0B20A8-8446-40AA-B487-88702DF16D19}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EAA451BD-3368-43E8-A532-E90F8AFC6072}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{468FCB3C-0058-42B6-85C5-E9298CE568FF}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{50726671-73DF-4CEE-BAEE-BF44323DA69B}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{36D37CBE-5556-435E-9300-9F94B06B0A01}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{285FDA0F-39B7-4518-9153-E505AA68DD29}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{C725EEA0-63AC-42B6-8945-D3B3D1D69029}c:\\program files\\nouveau dossier\\left 4 dead\\left4dead.exe"= UDP:c:\program files\nouveau dossier\left 4 dead\left4dead.exe:left4dead
"UDP Query User{7A8F6562-0984-4286-84B3-6FE43717CEF7}c:\\program files\\nouveau dossier\\left 4 dead\\left4dead.exe"= TCP:c:\program files\nouveau dossier\left 4 dead\left4dead.exe:left4dead
"TCP Query User{269E911F-7C15-45DF-91A9-9B34008ED876}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{031C253C-6C4D-4A66-8129-B5E172C05DDD}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{C4D09069-725A-4195-AF08-056E85BC9126}c:\\users\\jacob dominique\\program files\\dna\\btdna.exe"= UDP:c:\users\jacob dominique\program files\dna\btdna.exe:btdna.exe
"UDP Query User{184FC27B-74CE-4DC6-86F3-092FED508B2A}c:\\users\\jacob dominique\\program files\\dna\\btdna.exe"= TCP:c:\users\jacob dominique\program files\dna\btdna.exe:btdna.exe
"{ED0CE9C7-14AD-4092-9C92-D3136E7DA689}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7C49CEA9-874C-4D28-A237-8F62474107A5}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{D9C2EF8D-60EF-47A9-BAC4-97A95E06E1B1}"= Disabled:UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{DD27F407-BB4E-4FCB-99A2-7D35597A21A4}"= Disabled:TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{95FFFCB6-B43C-42FC-BB8B-A2F8994AECC1}"= Disabled:UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{6F73ADEC-A10B-4A81-A7C4-A986A7AB6E72}"= Disabled:TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"TCP Query User{5A86D884-887D-452B-8463-BA4CA13CD6D3}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{210AB9F1-654E-4EE8-8893-28C5540C93E0}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{0E75F515-70C4-4E08-A745-9F38B9AA0E2E}"= UDP:c:\users\jacob dominique\AppData\Local\Temp\7zS3236.tmp\SymNRT.exe:Norton Removal Tool
"{D98FC122-FF39-4960-A779-F29948207C46}"= TCP:c:\users\jacob dominique\AppData\Local\Temp\7zS3236.tmp\SymNRT.exe:Norton Removal Tool
"{F6829153-9944-49D8-A918-F64FE9E2443E}"= UDP:c:\users\jacob dominique\AppData\Local\Temp\7zS8C18.tmp\SymNRT.exe:Norton Removal Tool
"{AA483A6C-3412-4DAC-9DCF-41EB6AD7111C}"= TCP:c:\users\jacob dominique\AppData\Local\Temp\7zS8C18.tmp\SymNRT.exe:Norton Removal Tool
"{C07373AD-07E2-4FA1-BB55-ED5138F04DF0}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{EBC58C6A-C90F-4896-A8EC-249A22ABDCF0}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [05/06/2009 15:19 108289]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [03/09/2006 10:32 208896]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [02/10/2007 09:51 198240]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [26/02/2008 09:17 493568]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [10/05/2006 09:13 29696]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [06/04/2009 17:09 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2009-06-05 c:\windows\Tasks\User_Feed_Synchronization-{951FEFE0-88AD-4C30-9F1A-59B3A24BCBA0}.job
- c:\windows\system32\msfeedssync.exe [2008-04-19 07:33]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{99BA268B-4021-4739-9945-3C774217FE75} - c:\program files\NetProject\sbmdl.dll
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-RunOnce-Shockwave Updater - c:\windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103472 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.1; .NET CLR 3.5.30729; .NET
SafeBoot-procexp90.Sys
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://y.lo.st
uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://internetsearchservice.com
mSearch Bar = hxxp://internetsearchservice.com/ie6.html
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
mWindow Title =
mSearchURL = hxxp://internetsearchservice.com
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 23:46
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-3551666448-2698283683-1890849398-1001\Software\SecuROM\License information*]
"datasecu"=hex:62,25,5c,ff,d0,77,af,bd,61,06,f2,27,2e,1e,12,84,df,59,95,38,24,
0b,bc,e8,9f,8e,da,83,6d,9d,29,05,ea,d4,f4,71,26,11,2a,c2,ea,93,76,35,f0,a6,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(3636)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\windows\System32\schtasks.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\jusched.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\hp\KBD\kbd.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2009-06-05 23:50 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-05 21:50
Avant-CF: 311 419 682 816 octets libres
Après-CF: 311 111 200 768 octets libres
324 --- E O F --- 2009-05-01 05:28
2009-03-17 03:38 . 2009-04-17 06:16 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 06:16 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-09 03:19 . 2009-01-01 15:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2007-10-02 17:08 . 2007-10-02 16:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Steam"="c:\program files\Steam\Steam.exe" [2009-05-20 1217784]
"BitTorrent DNA"="c:\users\jacob dominique\Program Files\DNA\btdna.exe" [2008-12-30 342848]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Internet Explorer\iexplore.exe" [2009-03-03 636072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-11 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-11 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-11 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"EoEngine"="c:\program files\EoRezo\EoEngine.exe" [2009-02-23 472872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
"SoftwareHelper"="c:\users\jacob dominique\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]
c:\users\jacob dominique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{1FC58CAE-9041-4C88-AE8B-22B3E1D33844}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{DB15055D-6108-4471-8E52-381E24DC59F6}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{48EF378E-A005-4F5C-9076-4EBE23D7E939}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{CCFAFA9C-971D-4A08-9292-5FCB93A5352C}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{0A4E271B-268E-4272-BA6C-1F46C213CD0C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2CC2F3DE-D53A-4371-9813-60B86835C2CB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{799B334F-30AF-47B1-81DC-50D690A26ABB}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{C910AACE-8400-4607-B78E-10F86AFB75B3}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E5172F70-2C02-4192-A165-E6AE95E002D7}"= UDP:c:\program files\Diablo II bis\Diablo II.exe:Diablo II - Lord of Destruction
"{B2899E6C-D6F7-4ECE-A942-F6FBEE363EAF}"= TCP:c:\program files\Diablo II bis\Diablo II.exe:Diablo II - Lord of Destruction
"{F6487791-CA9F-4180-BEDF-3F29A767E3F5}"= UDP:c:\program files\World of Warcraft\Launcher.exe:World of Warcraft
"{FC6BA156-5688-42C9-8A12-03501C0F0705}"= TCP:c:\program files\World of Warcraft\Launcher.exe:World of Warcraft
"{2720D870-0FFC-40E0-B268-05E733C7BE46}"= UDP:3724:Blizzard Downloader
"{07AD213D-35BC-4B08-B028-E6A53AE0BE77}"= UDP:6112:Blizzard Downloader
"TCP Query User{E9F30926-5139-47B2-88ED-0587DE636C09}c:\\program files\\activision\\call of duty (r) 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty (r) 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{004758A0-90E3-4295-A1A6-8A65A438BA13}c:\\program files\\activision\\call of duty (r) 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty (r) 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{2629B0F2-BFB4-4808-882F-E646CDC27B37}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{660103B8-4258-4305-B2A0-E7823EF69166}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{F062FB6C-F8E9-4259-B0A2-3D85AC331AFF}c:\\program files\\activision\\call of duty (r) 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty (r) 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{91B76BA1-372F-4687-9B7C-62DF25BC0177}c:\\program files\\activision\\call of duty (r) 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty (r) 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{4FEDB485-8078-47E3-8D54-FEB60EBBCE9C}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{95156D10-8B1A-48DE-A4E4-E3B3A17F12A0}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{3D2ABA34-85C1-4213-B3D8-177E1FDA8739}"= UDP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{AD78D4CE-EDCB-4531-9B44-16670530DC99}"= TCP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{2385ABC7-128E-43AD-98D1-FC6B358388B8}"= UDP:3724:Blizzard Downloader: 3724
"{A2AFC6FD-F129-499A-8C0A-84746454CE85}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editeur
"{43F1C21F-ED0F-46A8-A4B0-4DC99C6F3338}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editeur
"{07B7B8B5-579D-47C7-9DA9-3E8961291E2D}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{07878A1F-4CB7-457F-9BE9-2CACC243D80D}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{FE0B20A8-8446-40AA-B487-88702DF16D19}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EAA451BD-3368-43E8-A532-E90F8AFC6072}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{468FCB3C-0058-42B6-85C5-E9298CE568FF}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{50726671-73DF-4CEE-BAEE-BF44323DA69B}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{36D37CBE-5556-435E-9300-9F94B06B0A01}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{285FDA0F-39B7-4518-9153-E505AA68DD29}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{C725EEA0-63AC-42B6-8945-D3B3D1D69029}c:\\program files\\nouveau dossier\\left 4 dead\\left4dead.exe"= UDP:c:\program files\nouveau dossier\left 4 dead\left4dead.exe:left4dead
"UDP Query User{7A8F6562-0984-4286-84B3-6FE43717CEF7}c:\\program files\\nouveau dossier\\left 4 dead\\left4dead.exe"= TCP:c:\program files\nouveau dossier\left 4 dead\left4dead.exe:left4dead
"TCP Query User{269E911F-7C15-45DF-91A9-9B34008ED876}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{031C253C-6C4D-4A66-8129-B5E172C05DDD}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{C4D09069-725A-4195-AF08-056E85BC9126}c:\\users\\jacob dominique\\program files\\dna\\btdna.exe"= UDP:c:\users\jacob dominique\program files\dna\btdna.exe:btdna.exe
"UDP Query User{184FC27B-74CE-4DC6-86F3-092FED508B2A}c:\\users\\jacob dominique\\program files\\dna\\btdna.exe"= TCP:c:\users\jacob dominique\program files\dna\btdna.exe:btdna.exe
"{ED0CE9C7-14AD-4092-9C92-D3136E7DA689}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7C49CEA9-874C-4D28-A237-8F62474107A5}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{D9C2EF8D-60EF-47A9-BAC4-97A95E06E1B1}"= Disabled:UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{DD27F407-BB4E-4FCB-99A2-7D35597A21A4}"= Disabled:TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{95FFFCB6-B43C-42FC-BB8B-A2F8994AECC1}"= Disabled:UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{6F73ADEC-A10B-4A81-A7C4-A986A7AB6E72}"= Disabled:TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"TCP Query User{5A86D884-887D-452B-8463-BA4CA13CD6D3}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{210AB9F1-654E-4EE8-8893-28C5540C93E0}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{0E75F515-70C4-4E08-A745-9F38B9AA0E2E}"= UDP:c:\users\jacob dominique\AppData\Local\Temp\7zS3236.tmp\SymNRT.exe:Norton Removal Tool
"{D98FC122-FF39-4960-A779-F29948207C46}"= TCP:c:\users\jacob dominique\AppData\Local\Temp\7zS3236.tmp\SymNRT.exe:Norton Removal Tool
"{F6829153-9944-49D8-A918-F64FE9E2443E}"= UDP:c:\users\jacob dominique\AppData\Local\Temp\7zS8C18.tmp\SymNRT.exe:Norton Removal Tool
"{AA483A6C-3412-4DAC-9DCF-41EB6AD7111C}"= TCP:c:\users\jacob dominique\AppData\Local\Temp\7zS8C18.tmp\SymNRT.exe:Norton Removal Tool
"{C07373AD-07E2-4FA1-BB55-ED5138F04DF0}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{EBC58C6A-C90F-4896-A8EC-249A22ABDCF0}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [05/06/2009 15:19 108289]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [03/09/2006 10:32 208896]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [02/10/2007 09:51 198240]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [26/02/2008 09:17 493568]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [10/05/2006 09:13 29696]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [06/04/2009 17:09 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2009-06-05 c:\windows\Tasks\User_Feed_Synchronization-{951FEFE0-88AD-4C30-9F1A-59B3A24BCBA0}.job
- c:\windows\system32\msfeedssync.exe [2008-04-19 07:33]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{99BA268B-4021-4739-9945-3C774217FE75} - c:\program files\NetProject\sbmdl.dll
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-RunOnce-Shockwave Updater - c:\windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103472 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.1; .NET CLR 3.5.30729; .NET
SafeBoot-procexp90.Sys
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://y.lo.st
uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://internetsearchservice.com
mSearch Bar = hxxp://internetsearchservice.com/ie6.html
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
mWindow Title =
mSearchURL = hxxp://internetsearchservice.com
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 23:46
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-3551666448-2698283683-1890849398-1001\Software\SecuROM\License information*]
"datasecu"=hex:62,25,5c,ff,d0,77,af,bd,61,06,f2,27,2e,1e,12,84,df,59,95,38,24,
0b,bc,e8,9f,8e,da,83,6d,9d,29,05,ea,d4,f4,71,26,11,2a,c2,ea,93,76,35,f0,a6,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(3636)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\windows\System32\schtasks.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\jusched.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\hp\KBD\kbd.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2009-06-05 23:50 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-05 21:50
Avant-CF: 311 419 682 816 octets libres
Après-CF: 311 111 200 768 octets libres
324 --- E O F --- 2009-05-01 05:28
Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2236
Windows 6.0.6001 Service Pack 1
06/06/2009 07:48:45
rapport malwarebytes
Type de recherche: Examen rapide
Eléments examinés: 86006
Temps écoulé: 4 minute(s), 29 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Application (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (https://internetsearchservice.com/606/search-engine-optimization-seo-specialist-in-phoenix-az/?q{searchTerms}) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (https://internetsearchservice.com/606/search-engine-optimization-seo-specialist-in-phoenix-az/?q{searchTerms}) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
Dossier(s) infecté(s):
C:\Windows\System32\514852 (Trojan.BHO) -> No action taken.
Fichier(s) infecté(s):
C:\Program Files\EoRezo (Rogue.Eorezo) -> No action taken.
Done. I tested to see whether I could run the updates again and it worked, so I reinstalled Norton and it is working again =)
I ran a quick scan and it only found a tracking cookie (I think that's what it's called :p), but after all these steps I no longer had MSN. I reinstalled it, and once the installation finished about fifteen web pages opened without my asking for anything.
...
...
Ah!
When you installed MSN, did you install any other software along with it (Messenger Plus)?
The web pages, were they ads?
Hi, sorry for my absence...
Actually, the page that opened is a version of Google I have never seen: the page is blue and the link says Lost or something like that, but it hasn't done it again since.
My version of MSN is Windows Live Messenger.
Oh?
Lost?
Do this:
• Download Ad-remover to your desktop:
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
! Disconnect and close all running applications !
• Double-click "Ad-R.exe" to start the installation and leave the installation settings at their defaults.
• Double-click the Ad-remover shortcut on your desktop to launch the tool.
• In the main menu, choose option "S" and press [Enter].
• Let the tool work and do not touch anything...
--> Post the report that appears at the end on the forum...
(The report is saved as C:\Ad-report-scan.log)
Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_J | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 14/06/2009 à 10:30 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 10:28:17, 18/06/2009 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
Nom du PC: PC-DE-JACOBDOMI | Utilisateur actuel: jacob dominique
.
Administrateur: Administrateur *Desactive*
N'est pas administrateur: Invité
N'est pas administrateur: IUSR_NMPR
Administrateur: jacob dominique
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
.
HKCR\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKCR\AppID\EoRezoBHO.DLL
HKCR\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Typelib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKCU\Software\AppDataLow\Software\MyWebSearch
HKCU\Software\EoRezo
HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKLM\Software\Classes\AppID\EoRezoBHO.DLL
HKLM\Software\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\Typelib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKLM\Software\EoRezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\Software\Trymedia Systems
HKU\S-1-5-21-3551666448-2698283683-1890849398-1001\Software\Appdatalow\Software\Fun Web Products
HKU\S-1-5-21-3551666448-2698283683-1890849398-1001\Software\Appdatalow\Software\MyWebSearch
HKU\S-1-5-21-3551666448-2698283683-1890849398-1001\Software\Eorezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Softwarehelper
.
C:\ProgramData\Trymedia
C:\Users\JACOBD~1\AppData\Roaming\EoRezo
C:\Users\jacob dominique\AppData\LocalLow\FunWebProducts
C:\Users\jacob dominique\AppData\LocalLow\MyWebSearch
C:\Program Files\EoRezo
C:\Windows\Downloaded Program Files\F3initialsetup1.0.1.0.inf
C:\Windows\Prefetch\SOFTWAREUPDATEHP.EXE-AF3ED1F6.pf
C:\Users\JACOBD~1\AppData\Roaming\MICROS~1\Windows\Cookies\jacob_dominique@ads.eorezo[2].txt
C:\Users\JACOBD~1\AppData\Roaming\MICROS~1\Windows\Cookies\jacob_dominique@eorezo[2].txt
.
============== Scan additionnel ==============
.
.
.
* Internet Explorer Version 8.0.6001.18783 *
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://pro.orange.fr/
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.msn.com/
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
============== Suspect (Cracks, Serials ... ) ==============
.
C:\Users\jacob dominique\AppData\Roaming\BitTorrent\Far Cry 2 (no-cd) Crack + Serial [PC] crack keygen.torrent
C:\Users\jacob dominique\AppData\Roaming\BitTorrent\keygen.Far_Cry.2.New-Serial-TeamFFF.rar.torrent
C:\Users\jacob dominique\AppData\Roaming\Microsoft\Windows\Recent\keygen.Far.Cry.2.New-Serial-TeamFFF.rar.lnk
+---------------------------------------------------------------------------+
5843 Octet(s) - C:\Ad-Report-SCAN.log
1 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
Fin à: 10:49:16 | 18/06/2009
.
============== E.O.F ==============
.
• Run Ad-remover again,
• At the main menu, choose option "L" and press [Enter].
• Let the tool work and don't touch anything ...
--> Post the report that appears at the end on the forum ...
( The report is saved as C:\Ad-report-clean.log )
Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
then go to Internet Options and set your favorite page again
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_J | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 14/06/2009 à 10:30 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 15:06:54, 18/06/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
Nom du PC: PC-DE-JACOBDOMI | Utilisateur actuel: jacob dominique
.
Administrateur: Administrateur *Desactive*
N'est pas administrateur: Invité
N'est pas administrateur: IUSR_NMPR
Administrateur: jacob dominique
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCR\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKCR\AppID\EoRezoBHO.DLL
HKCR\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Typelib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKCU\Software\AppDataLow\Software\MyWebSearch
HKCU\Software\EoRezo
HKLM\Software\EoRezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\Software\Trymedia Systems
HKU\S-1-5-21-3551666448-2698283683-1890849398-1001\Software\Appdatalow\Software\Fun Web Products
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Softwarehelper
.
(!) -- Fichiers temporaires supprimés.
.
============== Scan additionnel ==============
.
.
.
* Internet Explorer Version 8.0.6001.18783 *
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
============== Suspect (Cracks, Serials ... ) ==============
.
+---------------------------------------------------------------------------+
11857 Octet(s) - C:\Ad-Report-CLEAN.log
6065 Octet(s) - C:\Ad-Report-SCAN.log
20 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
71 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
Fin à: 15:29:20 | 18/06/2009
.
============== E.O.F ==============
.
C:\Users\jacob dominique\AppData\Roaming\Microsoft\Windows\Recent\keygen.Far.Cry.2.New-Serial-TeamFFF.rar.lnk
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.4.2.8209-to-0.4.2.8268-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.4.2.8268-to-0.4.2.8278-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.3.0.7561-to-2.3.2.7741-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.3.2.7741-to-2.3.3.7799-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.0.8089-to-2.4.1.8125-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.1.8125-to-0.4.2.8209-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.1.8125-to-2.4.2.8278-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.2.8278-to-2.4.3.8606-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.1.9806-to-3.1.1.9835-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-2.3.3-to-2.4.0-frFR-Win-patch\BNUpdate.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\Blizzard Updater.exe
C:\Users\Public\Games\World of Warcraft\WoW-2.3.0-frFR-patch.exe
+---------------------------------------------------------------------------+
11857 Octet(s) - C:\Ad-Report-CLEAN.log
6065 Octet(s) - C:\Ad-Report-SCAN.log
20 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
71 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
Fin à: 15:29:20 | 18/06/2009
.
============== E.O.F ==============
.