Kiohep.exe ?

manga 57 -  
crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
Bonjour,

Dernièrement j'ai remarque que la connexion de mon ordinateur bugger environ toutes les heures se qui évidemment ne m'arrange pas...

J'ai donc fais des recherche et il s'avère que mon ordi a le virus kiohep.exe et j'ai remarque que sur les forums il fallais utilisé HIJACKTIS sauf que une fois que j'ai le rapport je ne sais pas se que je dois faire ...

Si quelqu'un pourais m'aider sa serai super

Merci D'avance
Configuration: Windows XP Internet Explorer 7.0

35 réponses

  • 1
  • 2
  1. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Salut
    Rioucourt : à ce moment là, à quoi sert( CCM si on conseille à tous les problèmes de formater ou racheter un PC ...?!

    *******

    Poste ton rapport Hijackthis que tu sembles avoir généré afin que je l'analyse.
    1
  2. rioucourt Messages postés 11 Statut Membre
     
    pour enlever le virus pas de probleme c'est facile comme tout à tu assez d'economie environ 1500 euros et tu te rachetes un ordi t'a vu pas compliquer hein
    0
  3. manga57 Messages postés 23 Date d'inscription   Statut Membre Dernière intervention  
     
    Euh... J'attendais... Comment dire... Une réponse plus positive...
    0
  4. manga57 Messages postés 23 Date d'inscription   Statut Membre Dernière intervention  
     
    Ok alors attendjuste deux petites minutes
    ...
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. manga57 Messages postés 23 Date d'inscription   Statut Membre Dernière intervention  
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:16:49, on 23/08/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\VM305_STI.EXE
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\Documents and Settings\Nicolas\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Nosibay\Bubble Foot\launcher.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\MediaDICO4Ut.EXE
    C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\Rac4Ut.EXE
    C:\Program Files\BitTorrent Acceleration Patch\BitTorrent Acceleration Patch.exe
    C:\Program Files\YesMessenger\YesMessenger.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Nosibay\Bubble Foot\Bubble Foot.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\DZXXSVB6\HiJackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dailymotion.com/fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.om.fr/fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    R3 - URLSearchHook: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P1.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P1.dll
    O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
    O3 - Toolbar: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P1.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Avg Antivirus] C:\WINDOWS\system32\icpldrvx.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu420.exe 61A847B5BBF72816309B284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HotbarOE] C:\Program Files\Hotbar\bin\10.0.342.0\OEAddOn.exe
    O4 - HKLM\..\Run: [HotbarSA] "C:\Program Files\Hotbar\bin\10.0.342.0\HotbarSA.exe"
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [Store file readme bash] C:\Documents and Settings\All Users\Application Data\city about store file\blah view.exe
    O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [rukaquos] C:\WINDOWS\system32\lounoonu.exe
    O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
    O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Nicolas\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
    O4 - HKLM\..\RunOnce: [STREAMIP0] rundll32.exe streamci,StreamingDeviceSetup {D84D449B-62FB-4ebb-B969-5183ED3DFB51},GLOBAL,{71985F4A-1CA1-11d3-9CC8-00C04F7971E0},C:\WINDOWS\INF\streamip.inf,BDAcodec
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Hotbar\bin\10.0.342.0\Weather.exe" -auto
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [Site Help] C:\DOCUME~1\Nicolas\APPLIC~1\FRAGAB~1\1 mpeg.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Bubble Foot] "C:\Program Files\Nosibay\Bubble Foot\launcher.exe"
    O4 - HKCU\..\Run: [MediaDICO4Ut] C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe Lancement
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [gugiw] "c:\windows\system32\gugiw.exe" gugiw
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: BitTorrent Acceleration Patch.lnk = C:\Program Files\BitTorrent Acceleration Patch\BitTorrent Acceleration Patch.exe
    O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm490YYFR
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: bfo - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O21 - SSODL: system32 - {27C0EA7D-5580-4BBE-8873-2E1F79BCFDE2} - sysprinters.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Service Google Update (gupdate1c9e9f8bd845f60) (gupdate1c9e9f8bd845f60) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    O23 - Service: ASF Agent (yaepuu1cuayi) - Unknown owner - C:\WINDOWS\system32\vecibommym.exe (file missing)
    0
  7. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Ouaou !
    Tu as juste 5 ou 6 infections différentes !!!
    On a beaucoup de boulot.

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    = = = = >>> En cliquant ici <<< = = = =

    Une fois sauvegardé sur ton bureau, double clique sur SDFix.exe et choisis Install pour l’extraire dans un dossier dédié sur le Bureau.

    Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

    /!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

    * Redémarre ton ordinateur
    * Après avoir entendu l’ordinateur biper lors du démarrage, mais avant que l’icône Windows apparaisse, tapote la touche F8 (une pression par seconde) (ou F5 selon ta machine si cela ne fonctionne pas).
    * A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    * Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    * Choisis ta session habituelle.

    Suis les instructions ci-dessous :
    * Ouvre le dossier SDFix qui vient d’être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    * Appuie sur Y pour commencer le processus de nettoyage.
    * Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d’appuyer sur une touche pour redémarrer le PC lorsqu’il te le sera demandé.

    * Ton système sera plus long pour redémarrer qu’à l’accoutumée car l’outil va continuer à s’exécuter et supprimer des fichiers.
    * Après le chargement du Bureau, l’outil terminera son travail et affichera Finished.
    * Appuie sur une touche pour finir l’exécution du script et charger les icônes de ton Bureau lorsqu’il te le sera demandé.
    * Les icônes du Bureau affichées, le rapport SDFix s’ouvrira à l’écran et s’enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    * Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
    0
  8. manga57 Messages postés 23 Date d'inscription   Statut Membre Dernière intervention  
     
    Déja gros probleme pas moyen de passer mon ordi en mode "sans échec" les leches ne réagisse paset reste bloquer sur " Demarrer Windows normalement"... Je fais comment ?
    0
  9. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    On va alors commencer par un nettoyage général pour gagner du temps !
    Ne prends pas peur du nombre d'infections trouvées...

    Télécharge Malwarebytes’ Anti-Malware
    = = = = >>> En cliquant ici <<< = = = =

    - Enregistre le sur le bureau
    - Double clique sur le fichier téléchargé pour lancer le processus d’installation
    - Lorsqu’il te le sera demandé, mets à jour Malwarebytes anti malware
    - Si le pare-feu demande l’autorisation de se connecter pour malwarebytes, acceptes
    - Une fois la mise à jour terminée, ferme Malwarebytes
    - Double-clique sur l’icône de malwarebytes pour le relancer
    - Dans l’onglet, Recherche, probablement ouvert par défaut,
    - Sélectionne Exécuter un examen complet
    - Clique sur Rechercher
    - Le scan démarre
    - A la fin de l’analyse, un message s’affiche : L’examen s’est terminé normalement. Cliquez sur ‘Afficher les résultats’ pour afficher tous les objets trouvés.
    - Clique sur Ok pour poursuivre.
    - Si des malwares ont été détectés, cliques sur Afficher les résultats
    - Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
    - Malwarebytes va ouvrir le bloc-notes et y copier le rapport d’analyse.
    - Rends toi dans l’onglet rapport/log
    - Tu clique dessus pour l’afficher.
    - Une fois affiché, cliques sur édition en haut du bloc notes, et puis sur sélectionner tout
    - Tu recliques sur édition et puis sur copier et tu reviens sur le forum et dans ta réponse
    - Tu clique droit dans le cadre de la réponse et coller

    Si tu as besoin d’aide regarde ce tutorial ICI
    0
  10. manga57 Messages postés 23 Date d'inscription   Statut Membre Dernière intervention  
     
    J'ai fais ce que tu m'as dis et voilà le rapport:

    Malwarebytes' Anti-Malware 1.40
    Version de la base de données: 2687
    Windows 5.1.2600 Service Pack 2

    24/08/2009 14:58:50
    mbam-log-2009-08-24 (14-58-50).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 219641
    Temps écoulé: 2 hour(s), 52 minute(s), 10 second(s)

    Processus mémoire infecté(s): 2
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 167
    Valeur(s) du Registre infectée(s): 12
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 15
    Fichier(s) infecté(s): 47

    Processus mémoire infecté(s):
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.
    C:\Documents and Settings\Nicolas\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Adware.EoRezo) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\P2P_Torrent\tbP2P1.dll (Adware.Shopper) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\gnucdna.core (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{2850bdc7-2330-4e31-9fa0-88268846539a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{0be385a3-85a5-4722-b677-68dae891ff21} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{272c0d60-0561-4c83-b3db-eb0a71f9d2eb} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{284477e4-a7cb-4055-9e1b-0ea7cba28945} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{70ca4938-6a0f-4641-a9a9-c936e4c1e7de} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7468213e-010e-4ec6-a17d-642e909ba7ec} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{89dc33a2-f86f-42a1-8b5f-d4d1943efc9c} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a916af3c-976d-4358-8736-95bea0b5fd2c} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{b86f4810-19a9-4050-9ac9-b5cf60b5799a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{bb5b7e14-f8b4-4365-a24d-f4965c33e1ee} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{be45f056-e005-437b-be88-23acf70b0b6a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{c13d4627-02f5-4b03-897a-bf6a90022dd2} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{c636f1fc-6ae4-4e6a-90ab-6d61d821a0dd} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cb971ac0-6408-40da-a540-92f9f256f51f} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d5694dfe-43b6-4e05-aa29-8c556c968973} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e2032ec2-a9ac-4ed7-9bdb-ebecacf076f2} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ebab4a71-8c34-461a-b57d-dd041d439555} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f06fea43-0cc3-4bf6-a85b-5efb1c07aa4b} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{fc94a0f7-9c7c-4ae2-9106-5c212332b209} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f02c0ae1-d796-42c9-81e1-084d88f79b8e} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\instie.hbinstobj (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\instie.hbinstobj.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2b81f920-6660-4f76-93bf-b1c67bf5d1a0} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{34e29700-0d13-46aa-b9a5-ace68e21a091} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3661af2d-c27b-499c-9bcf-66c8502a3806} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3f0915b8-b238-4c2d-ad1e-60db1e14d27a} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{49155dae-c471-40fa-98ee-b2b3cad115ce} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4d783385-0dda-4188-a529-c97dc3d67cbd} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4e8b851b-05b0-4baf-b24d-d0dfe88dded3} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{5a4737a8-b92a-4e54-970e-c2891d98ce3f} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{62b0b239-f9ac-4a5b-bfae-62c7a23f7627} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6e10479b-31e8-4a3b-81b1-ddaf39097f19} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{726f0ab9-b842-4ae4-90c7-230e233e6a99} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{99123ac9-7dda-4c82-b252-44c2804bf392} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{99ccfb8c-6380-4a14-8fdd-ef3e7e95335d} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ace99e77-aa2a-43c2-8c9d-caf2020fdf2b} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{b9cc2b92-5611-453f-8381-8b6f72d9c0b8} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{c4543e64-1498-410d-8e72-4744eea99ab9} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e0fb1610-b25b-49f6-be20-751b2f230e6f} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e420a65f-9984-4b8c-9fa9-1ed69d3b0a13} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ea58c2ea-be26-49dd-9b9a-c8e4e5ca7791} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{fca28ac5-c1e1-4d67-a5ae-c44d6c374d9f} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5b2e150d-4c8a-40e4-8c36-dd9c02771c67} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{627d894a-8a77-416e-b522-432eaf2c818e} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7138f250-5b72-48dd-adfb-9a83b429dd9e} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8971cb48-9fca-445a-be77-e8e8a4cc9df7} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b88e4484-3ff6-4ea9-815b-a54fe20d4387} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bf1bf02c-5a86-4ecf-adac-472c54c4d21e} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bfc08cff-c737-4433-bd5a-0ee7efcfee54} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d2221ccb-f2bb-4858-aad4-57c754153603} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ea0b6a1a-6a59-4a58-9c41-9966504898a5} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{08755390-f46d-4d09-968c-3430166b3189} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{087c4054-0a2b-4f35-b0db-bed3e21650f4} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{0923208c-e259-4ed5-a778-cb607da350ad} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{229d2451-a617-4b30-b5e8-8138694240cb} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{9720de03-5820-4059-b4a4-639d5e52bd09} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c23fa5a4-1fea-419f-8b14-f7465df062bc} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{ccc6e232-aa4c-4813-a019-9c14b27776b6} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bfc08cff-c737-4433-bd5a-0ee7efcfee54} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\internetgamebox (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webmediaplayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\IGB (Rogue.Residue) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.Webmediaplayer) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gugiw (Trojan.Agent.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\softwarehelper (Adware.EoRezo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\GnucDNA.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\favoris (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\WhenU (Adware.WhenUSave) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Documents and Settings\Nicolas\Local Settings\Application Data\qqkki_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Nicolas\Local Settings\Application Data\qqkki_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Nicolas\Local Settings\Application Data\qqkki.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Nicolas\Local Settings\Application Data\qqkki.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWeb) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWeb) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Nicolas\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Adware.EoRezo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\GnucDNA.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.
    C:\Program Files\P2P_Torrent\tbP2P1.dll (Adware.Shopper) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Nicolas\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe (Adware.EoRezo) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL_tobedeleted (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL_tobedeleted (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{08F05CAA-B095-41EE-AACB-EE6DD5E5CEBC}\RP515\A0374893.exe (Adware.EoRezo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{08F05CAA-B095-41EE-AACB-EE6DD5E5CEBC}\RP515\A0374919.dll (Adware.EoRezo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{08F05CAA-B095-41EE-AACB-EE6DD5E5CEBC}\RP515\A0374920.dll (Adware.EoRezo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{08F05CAA-B095-41EE-AACB-EE6DD5E5CEBC}\RP528\A0407191.exe (Trojan.Inject) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\language (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\AttenteOff.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\AttenteOn.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\configv2_en.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\configv2_es.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\configv2_fr.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\NoS2F.bin (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\favoris\defaultv2.swf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\skins\skinv2.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\WebMediaPlayer.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\resources\languages_v2.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\resources\webmedias (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\WhenU\Customer Support.lnk (Adware.WhenUSave) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\WhenU\Learn More About WhenU Save.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\WhenU\Learn More About WhenU SaveNow.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\WhenU\Uninstall Instructions.lnk (Adware.WhenUSave) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\WhenU\WhenU.com Website.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\uaqus_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\uuoyk_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\uaqus_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\uuoyk_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\wr.txt (Malware.Trace) -> Quarantined and deleted successfully.
    0
  11. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    C'est ce qu'on appelle faire du ménage !
    Oublie tout ça bourré d'infections !
    - InternetGameBox
    - Eorezo
    - Mywebsearch
    - WhenUSave
    - Zango
    - WebMediaPlayer


    Le PC devrait aller mieux...

    Télécharge Ad-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :
    = = = =>>> En cliquant ici <<<= = = =

    /!\ Déconnectes toi et fermes toutes applications en cours, désactive ton antivirus le temps de la manipulation/!\

    * Double clique sur le programme d’installation, et installe le dans son emplacement par défaut. (C:\Program files). Laisse-toi guidé lors de l’installation.
    * Ad-Remover devrait s’ouvrir à la fin de l’installation. Dans le cas contraire, double clique sur l’icône Ad-remover située sur ton bureau.
    * Tape F puis tape sur Entrée pour sélectionner la langue française.
    * Au message d’avertissement qui s’affiche, sélectionne ‘Oui’.
    * Au menu principal choisi l’option "S" et tape ensuite sur la touche Entrée.
    * Poste le rapport qui apparaît à la fin de l’analyse qui peut prendre du temps.

    (Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)
    (CTRL+A Pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

    Note :
    "Process.exe", une composante de l’outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s’agit pas d’un virus, mais d’un utilitaire destiné à mettre fin à des processus.
    0
  12. manga57 Messages postés 23 Date d'inscription   Statut Membre Dernière intervention  
     
    .
    ======= RAPPORT D'AD-REMOVER 1.1.4.5_P | UNIQUEMENT XP/VISTA/SEVEN =======
    .
    Mit à jour par C_XX le 24/08/2009 à 1:30 PM
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 18:52:27, 24/08/2009 | Mode Normal | Option: SCAN
    Exécuté de: C:\Program Files\Ad-remover\
    Système d'exploitation: Microsoft® Windows XP™ v5.1.2600
    Nom du PC: PCNICOLAS | Utilisateur actuel: Nicolas
    .
    Administrateur: Administrateur
    N'est pas administrateur: ASPNET
    N'est pas administrateur: HelpAssistant *Desactive*
    N'est pas administrateur: Invité
    Administrateur: Nicolas
    N'est pas administrateur: SUPPORT_388945a0 *Desactive*
    .
    ============== ÉLÉMENT(S) TROUVÉ(S) ==============
    .
    Service: "MyWebSearchService"
    .
    HKCR\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
    HKCR\AppID\EoRezoBHO.DLL
    HKCR\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
    HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
    HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
    HKCR\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
    HKCR\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
    HKCR\EoRezoBHO.EoBho
    HKCR\EoRezoBHO.EoBho.1
    HKCR\MgMediaPlayer.GifAnimator
    HKCR\MgMediaPlayer.GifAnimator.1
    HKCR\SearchSettings.BHO
    HKCR\SearchSettings.BHO.1
    HKCR\SWEETIE.IEToolbar
    HKCR\SWEETIE.IEToolbar.1
    HKCR\SWEETIE.SWEETIE
    HKCR\SWEETIE.SWEETIE.1
    HKCR\ToolBand.SWEETIE
    HKCR\ToolBand.SWEETIE.1
    HKCR\Typelib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
    HKCR\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}
    HKCR\Typelib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
    HKCU\Software\EoRezo
    HKCU\Software\FunWebProducts
    HKCU\Software\Grand Virtual
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
    HKCU\Software\SWEETIE
    HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
    HKLM\Software\Classes\AppID\EoRezoBHO.DLL
    HKLM\Software\Classes\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
    HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKLM\Software\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
    HKLM\Software\Classes\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
    HKLM\Software\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
    HKLM\Software\Classes\EoRezoBHO.EoBho
    HKLM\Software\Classes\EoRezoBHO.EoBho.1
    HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
    HKLM\Software\Classes\MgMediaPlayer.GifAnimator
    HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1
    HKLM\Software\Classes\SearchSettings.BHO
    HKLM\Software\Classes\SearchSettings.BHO.1
    HKLM\Software\Classes\SWEETIE.IEToolbar
    HKLM\Software\Classes\SWEETIE.IEToolbar.1
    HKLM\Software\Classes\SWEETIE.SWEETIE
    HKLM\Software\Classes\SWEETIE.SWEETIE.1
    HKLM\Software\Classes\ToolBand.SWEETIE
    HKLM\Software\Classes\ToolBand.SWEETIE.1
    HKLM\Software\Classes\Typelib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
    HKLM\Software\Classes\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}
    HKLM\Software\Classes\Typelib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
    HKLM\Software\Macrogaming
    HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\AskSearchAsst.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F6D63A65-BD23-46F3-B9A3-87F442423481}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ask.com Search Assistant
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
    HKLM\Software\Search Settings
    HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
    HKLM\SYSTEM\ControlSet002\Services\MyWebSearchService
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
    HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService
    HKU\S-1-5-21-2160342307-682971219-601624776-1006\Software\Eorezo
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetim
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eodesk3d
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Plugin
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
    .
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo
    C:\DOCUME~1\Nicolas\APPLIC~1\Search Settings
    C:\Program Files\Ask Search Assistant
    C:\Program Files\Macrogaming
    C:\Program Files\Search Settings
    C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.1.0.inf
    C:\WINDOWS\Installer\101918d.msi
    C:\WINDOWS\Installer\1b50b0.msi
    C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
    C:\WINDOWS\Prefetch\SWEETIM.EXE-2E64256A.pf
    C:\DOCUME~1\Nicolas\Cookies\nicolas@search.conduit[2].txt
    C:\DOCUME~1\Nicolas\Cookies\nicolas@ads.eorezo[1].txt
    C:\DOCUME~1\Nicolas\Cookies\nicolas@dl.eorezo[1].txt
    C:\DOCUME~1\Nicolas\Cookies\nicolas@eorezo[2].txt
    C:\DOCUME~1\Nicolas\Cookies\nicolas@kiwee[1].txt
    C:\DOCUME~1\Nicolas\Cookies\nicolas@www1.kiwee[2].txt
    C:\DOCUME~1\Nicolas\Cookies\nicolas@partypoker[1].txt
    C:\DOCUME~1\Nicolas\Cookies\nicolas@search.sweetim[1].txt
    C:\DOCUME~1\Nicolas\Cookies\nicolas@www.sweetim[1].txt
    .
    ============== Scan additionnel ==============
    .
    .
    .
    .
    * Internet Explorer Version 8.0.6001.18702 *
    .
    [HKEY_CURRENT_USER\..\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.dailymotion.com/fr
    Search Page: hxxp://www.google.com
    Start Page: hxxp://www.om.net/
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
    .
    Tabs : res://ieframe.dll/tabswelcome.htm
    .
    ============== Suspect (Cracks, Serials ... ) ==============
    .
    C:\Documents and Settings\Nicolas\Application Data\Nosibay\Bubble Foot\modules\nosibox\id21a2d915f7bf4f20b493ced59dddd267\patch.exe
    .
    .
    ===================================
    .
    11861 Octet(s) - C:\Ad-Report-SCAN.log
    .
    723 Fichier(s) - C:\DOCUME~1\Nicolas\LOCALS~1\Temp
    108 Fichier(s) - C:\WINDOWS\Temp
    .
    0 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
    0 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
    .
    Fin à: 19:04:44 | 24/08/2009
    .
    ============== E.O.F ==============
    .
    0
  13. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Evite vraiment SweetIM et Eorezo !

    Nettoyage avec Ad-Remover :

    /!\ Déconnectes toi et fermes toutes applications en cours, désactive ton antivirus le temps de la manipulation/!\

    * Double clique sur le programme d’installation, et installe le dans son emplacement par défaut. (C:\Program files). Laisse-toi guidé lors de l’installation.
    * Ad-Remover devrait s’ouvrir à la fin de l’installation. Dans le cas contraire, double clique sur l’icône Ad-remover située sur ton bureau.
    * Tape F puis tape sur Entrée pour sélectionner la langue française.
    * Au message d’avertissement qui s’affiche, sélectionne ‘Oui’.
    * Au menu principal choisi l’option "L" et tape ensuite sur la touche Entrée.
    * Poste le rapport qui apparaît à la fin de l’analyse qui peut prendre du temps.

    (Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)
    (CTRL+A Pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

    Note :
    "Process.exe", une composante de l’outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s’agit pas d’un virus, mais d’un utilitaire destiné à mettre fin à des processus.
    0
  14. manga57 Messages postés 23 Date d'inscription   Statut Membre Dernière intervention  
     
    .
    ======= RAPPORT D'AD-REMOVER 1.1.4.5_P | UNIQUEMENT XP/VISTA/SEVEN =======
    .
    Mit à jour par C_XX le 24/08/2009 à 1:30 PM
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 22:05:20, 24/08/2009 | Mode Normal | Option: CLEAN
    Exécuté de: C:\Program Files\Ad-remover\
    Système d'exploitation: Microsoft® Windows XP™ v5.1.2600
    Nom du PC: PCNICOLAS | Utilisateur actuel: Nicolas
    .
    Administrateur: Administrateur
    N'est pas administrateur: ASPNET
    N'est pas administrateur: HelpAssistant *Desactive*
    N'est pas administrateur: Invité
    Administrateur: Nicolas
    N'est pas administrateur: SUPPORT_388945a0 *Desactive*
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    Service: "MyWebSearchService"
    .
    HKCR\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
    HKCR\AppID\EoRezoBHO.DLL
    HKCR\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
    HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
    HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
    HKCR\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
    HKCR\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
    HKCR\EoRezoBHO.EoBho
    HKCR\EoRezoBHO.EoBho.1
    HKCR\MgMediaPlayer.GifAnimator
    HKCR\MgMediaPlayer.GifAnimator.1
    HKCR\SearchSettings.BHO
    HKCR\SearchSettings.BHO.1
    HKCR\SWEETIE.IEToolbar
    HKCR\SWEETIE.IEToolbar.1
    HKCR\SWEETIE.SWEETIE
    HKCR\SWEETIE.SWEETIE.1
    HKCR\ToolBand.SWEETIE
    HKCR\ToolBand.SWEETIE.1
    HKCR\Typelib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
    HKCR\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}
    HKCR\Typelib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
    HKCU\Software\EoRezo
    HKCU\Software\FunWebProducts
    HKCU\Software\Grand Virtual
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
    HKCU\Software\SWEETIE
    HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
    HKLM\Software\Macrogaming
    HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\AskSearchAsst.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F6D63A65-BD23-46F3-B9A3-87F442423481}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ask.com Search Assistant
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
    HKLM\Software\Search Settings
    HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
    HKLM\SYSTEM\ControlSet002\Services\MyWebSearchService
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetim
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eodesk3d
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Plugin
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
    .
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\cmhost.cyp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\ConfMedia.cyp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\db
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d.cfg
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\eoDesktop
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\eoStats
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\host.cyp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\user.cyp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\01D86858-63D8-4711-A2AF-7826E71BA0FB.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\01E7E7B6-8631-421D-8486-4439276F77E6.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\026C3AA2-BCC1-4C8D-B4F4-0C1BCDE92328.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\05D63790-EDA5-47F4-B737-6CB4A8E9056D.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\12FE45ED-84E1-4B85-806E-4288438695C2.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\172759C1-8506-442D-8CA7-BA49C8AA145F.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\17ADEBA2-E821-4CE4-B30A-D86206E32ACD.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\19D83542-C5F4-480A-A514-B78FB9E51B07.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\20E26E77-FB5C-4550-B0DD-9E255E03C81E.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\2B377970-B236-4B40-84D4-1BA89D4FE9CF.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\325A923B-E453-467A-BF70-22AFF16A57D1.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\37885C8A-5274-467F-B273-3FEA94954ADF.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\3C5C9B34-7F1B-4A10-85E6-5A50300C03D8.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\41C5C5D7-A50A-449C-824D-A7FDC8AFE449.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\474FB40D-89F6-494E-9A65-B21CEB6C8DD2.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\497E0BEF-4AC3-4324-98AE-E59F43918C71.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\4B99B65D-BEC6-4599-8875-B1AF0423EA23.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\4DF1F0C8-3373-49EA-8B8B-1AB597340EB2.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\5461705B-6827-4630-B83C-AD2C36226706.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\56418F2D-070C-4B89-B948-526C7306A6EE.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\5A572AE2-2130-4DED-856C-1615C07B3CBD.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\660A29C8-71F9-4B6A-A216-91D222A87CFB.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\6CA3D017-03D4-4D78-A06E-5E5B9939EBA8.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\6EA6DE7C-EE41-488C-807F-AEFE5E6F9D25.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\758ED0C7-475C-4680-9C23-819D1AF51F94.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\7612C55C-A92B-4C06-8928-AD56FA90B93A.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\7A68C4CE-204D-4909-B74C-D63806022AB6.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\7B096F11-28C3-422B-B992-41760E474500.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\7CE33598-9893-4A67-BFC6-4469B3BF92D2.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\7EEA6FD1-B830-4A57-9326-FA29054C4764.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\82807DBA-C560-40B9-B899-A09D0D51FF49.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\83D76117-7EE7-4FE6-8CB9-A61D45E36BB6.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\86C1E3A4-444F-4825-813F-94707C6005D8.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\8844D6C2-CC69-4317-8C85-E5B8BF282AAE.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\8F062777-A1C2-4B69-92FE-6C9003C05B21.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\96A067D6-2309-45D7-BA42-7980F501A484.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\A2712A08-B357-4C0D-8429-A8082129413B.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\A39076CD-6CAC-4069-A171-CFEFDBBAE799.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\A465D08C-A789-4FF5-98E3-0468E59DA5A3.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\B3AE9681-1DCD-41D2-B8EE-DB74955FE24D.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\B42C53F3-11FE-494C-B531-0886A539BF59.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\B6CA71DE-ECD4-4A72-BA56-4210F732517A.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\BBB0FB37-BB1F-427B-B557-2632C66BDF17.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\C2A9609E-0D74-49C8-99E9-66C86DCAED5A.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\C48E7262-BDDA-442A-9B9D-9CD241B64284.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\E1B264FA-1B57-4A47-B119-A4226E4CC070.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\EB88C135-71C8-4D05-A1E4-789D0E08EC4B.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\EF5729D7-6574-4F7B-AC38-4B41F43356F5.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\eoDesk3d.cfg
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\F2AD5456-E5EF-4499-ADFD-66C4C4B0F8A7.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\F2E26B8C-F0E4-4619-97B6-F6E8552C271C.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\F5EBD2F8-6299-4859-B8CF-51D9186B1A79.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\F724AEE2-2485-4C86-B09F-462451324821.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\FB2379CB-C3A4-47F5-BC11-AC20190A4776.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\FBCEA2DA-E985-4FB5-9FE0-F97E276727DF.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\EoDesk3d\FF9A0FF4-34D7-4D6D-BC96-E82B4133F28E.bmp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\eoDesktop\config.xml
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\eoDesktop\eoDesktop.html
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\eoDesktop\userConfig.xml
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\eoStats\eoStats.txt
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Download
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\help_config.cyp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\unins000.dat
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\unins000.exe
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\user_config.cyp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\user_profil.cyp
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\eobrowserpub
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\eoengine
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\eobrowserpub\1.0.0.1
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\eoengine\9.1.0.0
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.4
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.5
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.6
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.7
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.8
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.9
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.1
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.2
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.3
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.4
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.5\itstv.exe
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.6\itstv.exe
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.7\itstv.exe
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.8\itstv.exe
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.9\itstv.exe
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.1\itstv.exe
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.2\itstv.exe
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.3\itstv.exe
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.4\itstv.exe
    C:\DOCUME~1\Nicolas\APPLIC~1\EoRezo
    C:\DOCUME~1\Nicolas\APPLIC~1\Search Settings\kb127
    C:\DOCUME~1\Nicolas\APPLIC~1\Search Settings\kb127\res
    C:\DOCUME~1\Nicolas\APPLIC~1\Search Settings\kb127\temp
    C:\DOCUME~1\Nicolas\APPLIC~1\Search Settings\kb127\temp\ws-14479.log
    C:\DOCUME~1\Nicolas\APPLIC~1\Search Settings\kb127\temp\ws-14480.log
    C:\DOCUME~1\Nicolas\APPLIC~1\Search Settings
    C:\Program Files\Ask Search Assistant\ask.ico
    C:\Program Files\Ask Search Assistant\AskSearchAsst.ini
    C:\Program Files\Ask Search Assistant\Install.asa.log
    C:\Program Files\Ask Search Assistant\uninst.exe
    C:\Program Files\Ask Search Assistant
    /!\ NON SUPPRIMÉ: C:\Program Files\Macrogaming\SweetIM
    C:\Program Files\Macrogaming\SweetIMBarForIE
    C:\Program Files\Macrogaming\SweetIM\conf
    C:\Program Files\Macrogaming\SweetIM\data
    C:\Program Files\Macrogaming\SweetIM\default.xml
    C:\Program Files\Macrogaming\SweetIM\logs
    /!\ NON SUPPRIMÉ: C:\Program Files\Macrogaming\SweetIM\mgAdaptersProxy.dll
    C:\Program Files\Macrogaming\SweetIM\mgAIMAuto.dll
    C:\Program Files\Macrogaming\SweetIM\mgAIMMessengerAdapter.dll
    C:\Program Files\Macrogaming\SweetIM\mgArchive.dll
    C:\Program Files\Macrogaming\SweetIM\mgcommon.dll
    C:\Program Files\Macrogaming\SweetIM\mgcommunication.dll
    C:\Program Files\Macrogaming\SweetIM\mgconfig.dll
    C:\Program Files\Macrogaming\SweetIM\mgFlashPlayer.dll
    C:\Program Files\Macrogaming\SweetIM\mghooking.dll
    C:\Program Files\Macrogaming\SweetIM\mgIEPlayer.dll
    C:\Program Files\Macrogaming\SweetIM\mglogger.dll
    C:\Program Files\Macrogaming\SweetIM\mgMediaPlayer.dll
    C:\Program Files\Macrogaming\SweetIM\mgMsnAuto.dll
    C:\Program Files\Macrogaming\SweetIM\mgMsnMessengerAdapter.dll
    C:\Program Files\Macrogaming\SweetIM\mgSweetIM.dll
    C:\Program Files\Macrogaming\SweetIM\mgUpdateSupport.dll
    C:\Program Files\Macrogaming\SweetIM\mgxml_wrapper.dll
    C:\Program Files\Macrogaming\SweetIM\mgYahooAuto.dll
    C:\Program Files\Macrogaming\SweetIM\mgYahooMessengerAdapter.dll
    C:\Program Files\Macrogaming\SweetIM\msvcp71.dll
    /!\ NON SUPPRIMÉ: C:\Program Files\Macrogaming\SweetIM\msvcr71.dll
    C:\Program Files\Macrogaming\SweetIM\resources
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Macrogaming\SweetIM\update
    C:\Program Files\Macrogaming\SweetIM\conf\adapter.xml
    C:\Program Files\Macrogaming\SweetIM\conf\autoupdate.xml
    C:\Program Files\Macrogaming\SweetIM\conf\logger.xml
    C:\Program Files\Macrogaming\SweetIM\conf\messages.xml
    C:\Program Files\Macrogaming\SweetIM\conf\sweetim.xml
    C:\Program Files\Macrogaming\SweetIM\conf\sweetimapp.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users
    C:\Program Files\Macrogaming\SweetIM\conf\users\angel5708@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\marseilleau57390@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\nicobenedet@hotmail.com
    C:\Program Files\Macrogaming\SweetIM\conf\users\nicoom57@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\pops-57@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\valaurys@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\angel5708@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\angel5708@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\marseilleau57390@hotmail.fr\content_update_notification.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\marseilleau57390@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\marseilleau57390@hotmail.fr\lastuse_Audibles.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\marseilleau57390@hotmail.fr\lastuse_DisplayPictures.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\marseilleau57390@hotmail.fr\lastuse_SpecialFX.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\marseilleau57390@hotmail.fr\lastuse_Winks.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\marseilleau57390@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\nicobenedet@hotmail.com\content_update_notification.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\nicobenedet@hotmail.com\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\nicobenedet@hotmail.com\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\nicoom57@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\nicoom57@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\pops-57@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\pops-57@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\valaurys@hotmail.fr\content_update_notification.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\valaurys@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\valaurys@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\data\contentdb
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010857.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010859.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001085D.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010891.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010892.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A7.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108BF.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108C0.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108C4.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108CD.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108D0.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108D1.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108D2.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006B.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020071.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200C0.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200ED.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020114.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002015B.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201B1.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201D4.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002021F.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020224.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020239.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020265.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030075.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030076.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030077.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000300B5.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000300B7.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004005A.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400AF.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400E2.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400EF.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050004.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050005.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0006007A.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000600D9.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0006015E.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060161.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060162.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060164.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060165.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060166.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060168.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0008000B.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00080011.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00080014.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00080042.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0008005C.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050001.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050002.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050007.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\02050002.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
    C:\Program Files\Macrogaming\SweetIM\resources\images
    C:\Program Files\Macrogaming\SweetIM\resources\images\AudibleButton.png
    C:\Program Files\Macrogaming\SweetIM\resources\images\DisplayPicturesButton.png
    C:\Program Files\Macrogaming\SweetIM\resources\images\EmoticonButton.png
    C:\Program Files\Macrogaming\SweetIM\resources\images\NudgeButton.png
    C:\Program Files\Macrogaming\SweetIM\resources\images\SoundFxButton.png
    C:\Program Files\Macrogaming\SweetIM\resources\images\WinksButton.png
    C:\Program Files\Macrogaming\SweetIM\update\sweetimsetup.exe
    C:\Program Files\Macrogaming\SweetIMBarForIE\affid.dat
    C:\Program Files\Macrogaming\SweetIMBarForIE\basis.xml
    C:\Program Files\Macrogaming\SweetIMBarForIE\Bookmarks_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\Cache
    C:\Program Files\Macrogaming\SweetIMBarForIE\Email_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\Games_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\Greetingcards_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\Mobile_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\Music_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\News_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\Shoping_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\SmileySmile.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\SmileyWink.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\sweetimicons.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.crc
    C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.xml
    C:\Program Files\Macrogaming\SweetIMBarForIE\version.txt
    C:\Program Files\Macrogaming\SweetIMBarForIE\Cache\cd2005c66fba47ff715ecc444d3bc1fb.xml
    /!\ NON SUPPRIMÉ: C:\Program Files\Macrogaming
    C:\Program Files\Search Settings\kb127
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Search Settings\kb127\res
    C:\Program Files\Search Settings\kb127\SearchSettings.dll
    C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
    C:\Program Files\Search Settings\kb127\temp
    C:\Program Files\Search Settings
    C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.1.0.inf
    C:\WINDOWS\Installer\101918d.msi
    C:\WINDOWS\Installer\1b50b0.msi
    C:\WINDOWS\Installer\1b50b6.msi
    C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
    C:\WINDOWS\Prefetch\SWEETIM.EXE-2E64256A.pf
    C:\DOCUME~1\Nicolas\Cookies\nicolas@search.conduit[2].txt
    C:\DOCUME~1\Nicolas\Cookies\nicolas@ads.eorezo[1].txt
    C:\DOCUME~1\Nicolas\Cookies\nicolas@dl.eorezo[1].txt
    C:\DOCUME~1\Nicolas\Cookies\nicolas@eorezo[2].txt
    C:\DOCUME~1\Nicolas\Cookies\nicolas@kiwee[1].txt
    C:\DOCUME~1\Nicolas\Cookies\nicolas@www1.kiwee[2].txt
    C:\DOCUME~1\Nicolas\Cookies\nicolas@partypoker[1].txt
    C:\DOCUME~1\Nicolas\Cookies\nicolas@search.sweetim[1].txt
    C:\DOCUME~1\Nicolas\Cookies\nicolas@www.sweetim[1].txt

    (!) -- Fichiers temporaires supprimés.

    .
    ============== Scan additionnel ==============
    .
    .
    .
    .
    * Internet Explorer Version 8.0.6001.18702 *
    .
    [HKEY_CURRENT_USER\..\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://www.google.com
    Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
    .
    Tabs : res://ieframe.dll/tabswelcome.htm
    .
    ============== Suspect (Cracks, Serials ... ) ==============
    .
    C:\Documents and Settings\Nicolas\Application Data\Nosibay\Bubble Foot\modules\nosibox\id21a2d915f7bf4f20b493ced59dddd267\patch.exe
    .
    .
    ===================================
    .
    29196 Octet(s) - C:\Ad-Report-CLEAN.log
    12178 Octet(s) - C:\Ad-Report-SCAN.log
    .
    259 Fichier(s) - C:\DOCUME~1\Nicolas\LOCALS~1\Temp
    70 Fichier(s) - C:\WINDOWS\Temp
    .
    17 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
    133 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
    .
    Fin à: 22:20:36 | 24/08/2009
    .
    ============== E.O.F ==============
    .
    0
  15. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Vide la quarantaine de Malwarebytes' Anti Malware.

    Pour une analyse plus en profondeur de ton PC :
    Télécharge Random’s System Information Tool (RSIT) de random/random et enregistre l’exécutable sur le Bureau.
    = = = = >>> En cliquant ici <<< = = = =

    * Double clique sur RSIT.exe pour le lancer.
    * Une première fenêtre s’ouvre, clique alors sur Continue (Disclaimer).
    * Si la dernière version de HijackThis n’est pas détectée sur ton PC, RSIT le téléchargera et te demandera d’accepter la licence.
    * Lorsque l’analyse sera terminée, deux fichiers texte s’ouvriront (probablement avec le bloc-notes).
    * Poste le contenu de log.txt.
    0
  16. manga57 Messages postés 23 Date d'inscription   Statut Membre Dernière intervention  
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Nicolas at 2009-08-24 22:48:24
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 4 GB (10%) free of 40 GB
    Total RAM: 1023 MB (33% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:48:30, on 24/08/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\VM305_STI.EXE
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Nosibay\Bubble Foot\launcher.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\MediaDICO4Ut.EXE
    C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\Rac4Ut.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\BitTorrent Acceleration Patch\BitTorrent Acceleration Patch.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\YesMessenger\YesMessenger.exe
    C:\Program Files\Nosibay\Bubble Foot\Bubble Foot.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\VUB44CFA\RSIT[1].exe
    C:\Program Files\trend micro\Nicolas.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Avg Antivirus] C:\WINDOWS\system32\icpldrvx.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu420.exe 61A847B5BBF72816309B284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HotbarOE] C:\Program Files\Hotbar\bin\10.0.342.0\OEAddOn.exe
    O4 - HKLM\..\Run: [HotbarSA] "C:\Program Files\Hotbar\bin\10.0.342.0\HotbarSA.exe"
    O4 - HKLM\..\Run: [Store file readme bash] C:\Documents and Settings\All Users\Application Data\city about store file\blah view.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [rukaquos] C:\WINDOWS\system32\lounoonu.exe
    O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\RunOnce: [STREAMIP0] rundll32.exe streamci,StreamingDeviceSetup {D84D449B-62FB-4ebb-B969-5183ED3DFB51},GLOBAL,{71985F4A-1CA1-11d3-9CC8-00C04F7971E0},C:\WINDOWS\INF\streamip.inf,BDAcodec
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Hotbar\bin\10.0.342.0\Weather.exe" -auto
    O4 - HKCU\..\Run: [Site Help] C:\DOCUME~1\Nicolas\APPLIC~1\FRAGAB~1\1 mpeg.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Bubble Foot] "C:\Program Files\Nosibay\Bubble Foot\launcher.exe"
    O4 - HKCU\..\Run: [MediaDICO4Ut] C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe Lancement
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: BitTorrent Acceleration Patch.lnk = C:\Program Files\BitTorrent Acceleration Patch\BitTorrent Acceleration Patch.exe
    O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: bfo - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: system32 - {27C0EA7D-5580-4BBE-8873-2E1F79BCFDE2} - sysprinters.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    O23 - Service: ASF Agent (yaepuu1cuayi) - Unknown owner - C:\WINDOWS\system32\vecibommym.exe (file missing)
    0
  17. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Bonne nuit.
    Nous avançons bien.
    J'analyse ton rapport et je te prépare une procédure.
    A demain.
    Crapoulou.
    0
  18. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    - Emule
    - Limewire
    - Shareaza

    Ne te demande pas d'où viennent tes infections !

    Je vois que tu as un logiciel d’échange de fichiers via le P2P (peer-to-peer). Je ne sais pas si tu crack des logiciels et cela ne me regarde pas mais je te conseille de lire ce qui suit quelque l’utilisation que tu fasses avec ce logiciel.
    En plus d’être illégaux, les cracks sont souvent bourrés d’infection (Bagle, rogues par exemple) et certaines très coriaces (Virut, Mabezat par exemple).
    Voici le lien d’une vidéo montrant les effets d’une infection Bagle :
    https://www.youtube.com/watch?v=nqLoz4XCY60
    Je te conseille de lire cet article concernant le danger des cracks (merci à Malekal) :
    http://forum.malekal.com/ftopic893.php

    ********

    Connais-tu ceci ??
    C:\79ba0900b09f01f217db

    *******

    /!\ Procédure réservée à manga57. Ne tentez pas de la reproduire si vous avez un problème similaire sous peine de planter votre machine /!\
    Télécharge OTM (de Old_Timer) sur ton Bureau.
    = = = = >>> En cliquant ici <<< = = = =
    Une fois installé sur le bureau, double-clique sur OTMoveIt.exe pour le lancer.
    Assure toi que la case Unregister Dll’s and Ocx’s soit bien cochée
    Copie la liste qui se trouve en gras ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt :
    Paste Instructions for Items to be moved.

    :Processes
    explorer.exe

    :Services
    yaepuu1cuayi

    :Files
    C:\Program Files\P2P_Torrent
    C:\Documents and Settings\All Users\Application Data\city about store file
    C:\Documents and Settings\Nicolas\Application Data\frag about

    :Reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\WKPTWFAR\happynewyear2008[1].com"=-

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Avg Antivirus"=-
    "HotbarOE"=-
    "runner1"=-
    "HotbarSA"=-
    "Store file readme bash"=-
    "rukaquos"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "WeatherDPA"=-
    "Site Help"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "system32"=-

    :Commands
    [purity]
    [emptytemp]
    [Reboot]


    Clique sur MoveIt! pour lancer la suppression.
    Après avoir fait Moveit!, une fenêtre s’affiche :
    "The system requires a reboot to finish removing files. Do you want to reboot now ?"
    Réponds Yes.
    Le résultat apparaîtra dans le cadre "Results".
    Clique sur Exit pour fermer.
    Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    ********

    Comment va globalement le PC ?
    0
  19. manga57 Messages postés 23 Date d'inscription   Statut Membre Dernière intervention  
     
    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== SERVICES/DRIVERS ==========

    Service\Driver yaepuu1cuayi deleted successfully.
    ========== FILES ==========
    C:\Program Files\P2P_Torrent moved successfully.
    C:\Documents and Settings\All Users\Application Data\city about store file moved successfully.
    C:\Documents and Settings\Nicolas\Application Data\frag about moved successfully.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\WKPTWFAR\happynewyear2008[1].com deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Avg Antivirus deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HotbarOE deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\runner1 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HotbarSA deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Store file readme bash deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rukaquos deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WeatherDPA deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Site Help deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\system32 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LocalService
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
    ->Temp folder emptied: 115884 bytes
    ->Temporary Internet Files folder emptied: 2384543 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 102321706 bytes

    User: Nicolas
    ->Temp folder emptied: 1422735954 bytes
    ->Temporary Internet Files folder emptied: 128350740 bytes
    ->Java cache emptied: 5205141 bytes
    ->Apple Safari cache emptied: 18572362 bytes

    %systemdrive% .tmp files removed: 0 bytes
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 11410944 bytes
    File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_56c.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied: 1539730 bytes
    RecycleBin emptied: 452369125 bytes

    Total Files Cleaned = 2045,67 mb

    OTM by OldTimer - Version 3.0.0.6 log created on 08252009_123531

    Files moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
    File C:\WINDOWS\temp\Perflib_Perfdata_56c.dat not found!

    Registry entries deleted on Reboot...

    Globalement l'Ordinateur va bien... Cependant je n'ai pas encore eu l'occasion de tester la connexion a long terme...

    @+

    Manga57
    0
  20. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Comment va globalement le PC ?
    0
  21. manga57 Messages postés 23 Date d'inscription   Statut Membre Dernière intervention  
     
    Je le trouve légérement plus rapide et la connexion semble tenir...

    Avons nous terminé ...

    Manga 57
    0
  • 1
  • 2