Adware.generic

Eogan -
Hello,
I was infected by this malware, I followed the tutorials and here is the result. Can you confirm that everything has been removed? Thanks

MBAM report

Malwarebytes' Anti-Malware 1.37
Database version: 2261
Windows 6.0.6002 Service Pack 2

11/06/2009 15:17:02
mbam-log-2009-06-11 (15-17-02).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 259241
Time elapsed: 3 hour(s), 38 minute(s), 56 second(s)

Memory processes infected: 2
Memory modules infected: 1
Registry keys infected: 2
Registry values infected: 0
Registry data items infected: 0
Folders infected: 5
Files infected: 14

Memory processes infected:
C:\Program Files\RelevantKnowledge\rlservice.exe (Adware.RelevantKnowledge) -> Unloaded process successfully.
C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.Marketscore) -> Unloaded process successfully.

Memory modules infected:
C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.Marketscore) -> Delete on reboot.

Registry keys infected:
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> Delete on reboot.
c:\program files\relevantknowledge\components (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\Seekapp (Adware.Seekapp) -> Quarantined and deleted successfully.
C:\ProgramData\Seekapp (Adware.Seekapp) -> Quarantined and deleted successfully.

Files infected:
C:\Program Files\RelevantKnowledge\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3285306481-2398017303-1081260777-1001\$R3D20H8.tmp\seekapp.exe (Adware.SeekApp) -> Quarantined and deleted successfully.
c:\programdata\Seekapp\seekapp122.exe (Adware.SeekApp) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\Support.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\Uninstall Instructions.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\chrome.manifest (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\install.rdf (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlls.dll (Spyware.Marketscore) -> Delete on reboot.
c:\program files\relevantknowledge\rloci.bin (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlph.dll (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlvknlg.exe (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlxf.dll (Spyware.Marketscore) -> Quarantined and deleted successfully.

Bit Defender
BitDefender Online Scanner - Real Time Virus Report

Generated at: Thu, Jun 11, 2009 - 15:54:41

--------------------------------------------------------------------------------

Scan Info

Scanned Files
3309

Infected Files
0

Virus Detected

No virus found.

Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:55:45, on 11/06/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Chloé\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\hp\kbd\kbd.exe
C:\Users\Chloé\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\Chloé\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3285306481-2398017303-1081260777-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Arnaud')
O4 - S-1-5-21-3285306481-2398017303-1081260777-1000 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Arnaud')
O4 - S-1-5-21-3285306481-2398017303-1081260777-1000 User Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Arnaud')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RealtekUSB - Realtek - C:\Program Files\BlueStork\BS-WG-USB Wireless LAN Utility\RtlService.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
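The HijackThis log above still shows the EoRezo updater (SoftwareUpdateHP.exe) running from a user's roaming profile, registered under HKLM RunOnce, and a RelevantKnowledge service whose binary is already gone. As an added example (the editor's own code, not part of this thread, of HijackThis or of any tool named here), the following Python script parses O2/O4/O23 lines and flags the entries a practitioner would look at twice. The heuristics, the adware-name list (taken from the MBAM detections above) and the function names are the editor's assumptions; the sample lines are copied from the log posted above.

```python
"""Triage the O2 / O4 / O23 entries of a HijackThis log.

Added example: the rules below are the editor's assumptions about what
looks odd in such a log, not anything HijackThis itself computes.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the O2 / O4 / O23 lines from the log above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\Chloé\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
"""

# Families the scans in this thread detected (assumption: any autorun,
# BHO or service naming them is worth a look).
KNOWN_BAD = ("eorezo", "relevantknowledge", "seekapp")

# Persistence pointing into a user-writable location is a common adware
# pattern: no admin rights are needed to drop or update the binary there.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\programdata\\")

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]*)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    section: str        # "O2", "O4" or "O23"
    name: str           # BHO name, Run value name or service name
    target: str         # DLL path, command line or service binary
    reasons: list = field(default_factory=list)


def _common_reasons(name, target):
    """Checks shared by all three sections: known family name, odd location."""
    lowered = (name + " " + target).lower()
    reasons = [f"matches known adware family '{k}'" for k in KNOWN_BAD if k in lowered]
    if any(p in lowered for p in USER_WRITABLE):
        reasons.append("binary lives in a user-writable profile directory")
    return reasons


def triage(log_text):
    """Return the O2/O4/O23 entries that deserve a manual look, with reasons."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            f = Finding("O2", m["name"], m["path"], _common_reasons(m["name"], m["path"]))
            if m["path"] == "(no file)":
                f.reasons.append("BHO CLSID still registered but its DLL is gone (orphaned registration)")
        elif m := O4_RE.match(line):
            f = Finding("O4", m["name"], m["cmd"], _common_reasons(m["name"], m["cmd"]))
            if m["key"].lower().startswith("runonce"):
                f.reasons.append("RunOnce entry: runs once at next logon, typical of a reinstaller stub")
        elif m := O23_RE.match(line):
            f = Finding("O23", m["name"], m["path"], _common_reasons(m["name"], m["path"]))
            if m["owner"] == "Unknown owner":
                f.reasons.append("service has no vendor/owner string")
            if m["path"].endswith("(file missing)"):
                f.reasons.append("service binary missing: orphaned service key left after file deletion")
        else:
            continue
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.target}")
        for r in f.reasons:
            print("    -", r)
```

Run against the sample, the script reports only the orphaned BHO, the EoRezo RunOnce stub and the orphaned RelevantKnowledge service; the AVG, Adobe and Sidebar entries produce no reasons and are dropped. An orphaned service key or RunOnce value is harmless on its own, but it is exactly what a second scan should confirm is gone.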

3 replies

Cosmi
 
Hello,

Ad-Remover scan procedure

Download: http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

► Disable the antivirus and UAC: http://www.laboratoire-microsoft.org/t/23933/

• Install it and launch it with a right-click >>
>> "Run this program as administrator"

• Launch Ad-Remover, select the language (F) and confirm with Enter,
• Disconnect, close any open applications
• Select [S – Scan] and confirm with Enter to start the scan,
>> Let it run,
• When the scan is complete, press any key to open the report
► Post the report (C:\Ad-Report-SCAN.log)
Eogan
 
Thanks, here is the report:

.
======= AD-REMOVER REPORT 1.1.4.5_H | XP/VISTA/SEVEN ONLY =======
.
Updated by C_XX on 11/06/2009 at 3:50 PM
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Started at: 13:20:15, 12/06/2009 | Normal mode | Option: SCAN
Run from: C:\Program Files\Ad-remover\
Operating system: Microsoft® Windows Vista™ Home Premium Service Pack 2 v6.0.6002
PC name: FILLES | Current user: Administrateur
.
Administrator: Administrateur
Administrator: Arnaud
Administrator: Chloé
Not an administrator: Invité *Disabled*
Administrator: Marine
.
============== ITEM(S) FOUND ==============
.
Service: "RelevantKnowledge"
.
HKCU\Software\EoRezo
HKLM\Software\EoRezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\SYSTEM\CurrentControlSet\Services\RelevantKnowledge
HKU\S-1-5-21-3285306481-2398017303-1081260777-500\Software\Eorezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Softwarehelper
.
C:\Users\Arnaud\AppData\Roaming\Eorezo
C:\Users\Chloé\AppData\Roaming\Eorezo
C:\Users\Marine\AppData\Roaming\Eorezo
C:\Windows\Prefetch\RLVKNLG.EXE-A7BDE82E.pf
C:\Windows\Prefetch\SOFTWAREUPDATEHP.EXE-93F1C0BF.pf
C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\Cookies\administrateur@eorezo[1].txt
C:\Users\Arnaud\AppData\Roaming\Microsoft\Windows\Cookies\arnaud@eorezo[1].txt
C:\Users\Chloé\AppData\Roaming\Microsoft\Windows\Cookies\chloé@eorezo[1].txt
C:\Users\Chloé\AppData\Roaming\Microsoft\Windows\Cookies\chloé@eorezo[2].txt
C:\Users\Marine\AppData\Roaming\Microsoft\Windows\Cookies\marine@dl.eorezo[1].txt
C:\Users\Marine\AppData\Roaming\Microsoft\Windows\Cookies\marine@eorezo[1].txt
.
============== Additional scan ==============
.

* Mozilla FireFox Version 3.0.10 *

Profile name: kxigpisc.default (Administrateur)
.
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.10");
.
.

* Internet Explorer Version 8.0.6001.18783 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cndt
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cndt

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cndt
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cndt

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://y.lo.st

============== Suspicious (Cracks, Serials ... ) ==============

.

+---------------------------------------------------------------------------+

3063 Byte(s) - C:\Ad-Report-SCAN.log

1 File(s) - C:\Program Files\Ad-remover\BACKUP
0 File(s) - C:\Program Files\Ad-remover\QUARANTINE

Finished at: 13:24:42 | 12/06/2009
.
============== E.O.F ==============
.
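The Ad-Remover report above lists what the MBAM run left behind: Run and RunOnce values, a service key, vendor registry keys, EoRezo folders in three separate user profiles, prefetch entries and cookies. Not all of these matter equally. As an added example (the editor's own code, not part of this thread or of Ad-Remover), the following Python script parses the found-items section of such a report, separates persistence entries (autoruns, service keys) from execution evidence (prefetch files) and cosmetic leftovers (cookies, uninstall entries, vendor settings), and lists which user profiles are touched. The classification rules and function names are the editor's assumptions; the sample text is copied from the report above.

```python
"""Classify the found items of an Ad-Remover SCAN report.

Added example: the artifact classes below are the editor's own scheme,
not categories Ad-Remover produces.
"""
import re
from collections import defaultdict

# Constructed sample: the found-items section of the report above, plus the
# header of the next section so the parser knows where to stop.
REPORT = r"""
============== ITEM(S) FOUND ==============
.
Service: "RelevantKnowledge"
.
HKCU\Software\EoRezo
HKLM\Software\EoRezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\SYSTEM\CurrentControlSet\Services\RelevantKnowledge
HKU\S-1-5-21-3285306481-2398017303-1081260777-500\Software\Eorezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Softwarehelper
.
C:\Users\Arnaud\AppData\Roaming\Eorezo
C:\Users\Chloé\AppData\Roaming\Eorezo
C:\Users\Marine\AppData\Roaming\Eorezo
C:\Windows\Prefetch\RLVKNLG.EXE-A7BDE82E.pf
C:\Windows\Prefetch\SOFTWAREUPDATEHP.EXE-93F1C0BF.pf
C:\Users\Marine\AppData\Roaming\Microsoft\Windows\Cookies\marine@eorezo[1].txt
.
============== Additional scan ==============
"""

DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
USER_RE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\", re.IGNORECASE)
SID_RE = re.compile(r"^HKU\\(S-1-5-21-[\d-]+)\\", re.IGNORECASE)


def classify(line):
    """Map one report line to an artifact class; None for anything else."""
    low = line.lower()
    if line.startswith('Service: "'):
        return "service"
    if low.startswith(("hklm\\", "hkcu\\", "hku\\")):
        if "\\currentversion\\run" in low:
            return "autorun"          # Run / RunOnce value: persistence
        if "\\services\\" in low:
            return "service"          # service key: persistence
        if "\\uninstall\\" in low:
            return "uninstall-entry"  # only shows in Programs and Features
        return "registry-config"      # vendor settings, nothing executes
    if DRIVE_RE.match(line):
        if "\\prefetch\\" in low:
            return "prefetch"         # proof the binary ran; not persistence
        if "\\cookies\\" in low:
            return "cookie"
        return "file-or-folder"
    return None


def summarize(report):
    """Group found items by class and collect the user profiles they touch."""
    by_class = defaultdict(list)
    users = set()
    in_section = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("=============="):
            # Both the French and the translated section header are accepted.
            in_section = "TROUV" in line or "FOUND" in line
            continue
        if not in_section or line in ("", "."):
            continue
        kind = classify(line)
        if kind is None:
            continue
        by_class[kind].append(line)
        if m := USER_RE.match(line):
            users.add(m.group(1))
        elif m := SID_RE.match(line):
            users.add(m.group(1))   # HKU hive: only the SID is visible
    return dict(by_class), users


def persistence_left(report):
    """Entries that would relaunch the adware at logon or boot. These, not
    cookies or prefetch files, decide whether the machine is really clean."""
    by_class, _ = summarize(report)
    return by_class.get("autorun", []) + by_class.get("service", [])


if __name__ == "__main__":
    classes, users = summarize(REPORT)
    for kind, items in sorted(classes.items()):
        print(f"{kind}: {len(items)}")
    print("profiles touched:", sorted(users))
    print("persistence still present:", len(persistence_left(REPORT)))
```

On this report the four persistence entries (the two Run/RunOnce values, the service line and its key under CurrentControlSet\Services) are what must disappear after the cleaning pass, and the three Eorezo folders under different profiles show that removing it from one account alone is not enough. The prefetch files are useful the other way round: they confirm RLVKNLG.EXE and SOFTWAREUPDATEHP.EXE actually executed on this machine.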
Eogan
 
Up :)