Sujet Précédent Sujet Suivant

Ordinateur infecté

Fermé
sarved Messages postés 29 Date d'inscription jeudi 26 février 2009 Statut Membre Dernière intervention 27 janvier 2010 - 29 août 2009 à 19:12
sarved Messages postés 29 Date d'inscription jeudi 26 février 2009 Statut Membre Dernière intervention 27 janvier 2010 - 30 août 2009 à 17:28
Bonjour, j'ai récemment recu des avertissements de antivir qui me disais de bloquer l'acces à certains virus donc jusque la tout allait bien , jusqu'a hier mon ordi s'éteignait de facon injustifié donc j'ai trouvé ca très louche.
J'ai donc utilisé spybot qui a reperé 217 infections , au moment de corriger les erreurs spybot se bloquait puis l'ordi a commencé a sonner à chaque clik de la souris puis s'ouvrait l'avertissement d'antivir qui me disais de bloqué l'acces.
Je voudrais trouver un moyen de supprimer tous cette infention qui pour l'instant ne m'a rien encore fait de grave, donc je voudrais un peu d'aide de votre part s'in vous plait.

J'ai analysé avec hijackthis voici le rapport, je vous donne le rapport de malwarebytes bientot a plus.


Logfile of random's system information tool 1.05 (written by random/random)
Run by Kévin at 2009-08-29 16:58:35
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 9 GB (12%) free of 78 GB
Total RAM: 1279 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:54, on 29/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eagle2.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Documents and Settings\Kévin\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\S4TSR.EXE
C:\Program Files\pdfforge Toolbar\SearchSettings.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\MyWebSearch\bar\1.bin\m3SkPlay.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Kévin\Bureau\RSIT.exe
C:\Program Files\trend micro\Kévin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [BigDog302] C:\WINDOWS\eagle2.EXE Vimicro USB PC Camera (ZC0302)
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Kévin\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\S4TSR.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJman000
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kévin\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFA41A02-EBE5-44EF-9AAC-1D618FACA056}: NameServer = 217.175.160.104 217.175.160.113
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
A voir également:

9 réponses

Réponse 1 / 9
Ced_King Messages postés 3519 Date d'inscription lundi 2 mars 2009 Statut Contributeur Dernière intervention 10 octobre 2016 572
29 août 2009 à 19:24
Salut,

♦ Télécharge Ad-remover ( de C_XX ) sur ton bureau :


♦ Déconnecte toi et ferme toutes applications en cours !

♦ Double-clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .

♦ Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .

♦ Au menu principal choisis l'option "S" et tape sur [entrée] .

♦ Laisse travailler l'outil et ne touche à rien ...

♦ Un rapport est généré, postes le stp

( Le rapport est sauvegardé aussi sous C:\Ad-report.log )


♦ Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
0
Réponse 2 / 9
sarved Messages postés 29 Date d'inscription jeudi 26 février 2009 Statut Membre Dernière intervention 27 janvier 2010
29 août 2009 à 19:59
voici le repport ad move

.
======= RAPPORT D'AD-REMOVER 1.1.4.5_Q | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 26/08/2009 à 6:37 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 17:39:33, 29/08/2009 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ v5.1.2600
Nom du PC: VETERAN | Utilisateur actuel: K‚vin
.
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
Service: "MyWebSearchService"
.
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
HKCR\Interface\{1093995a-ba37-41d2-836e-091067c4ad17}
HKCR\Interface\{120927bf-1700-43bc-810f-fab92549b390}
HKCR\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a}
HKCR\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc}
HKCR\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc}
HKCR\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495}
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
HKCR\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca}
HKCR\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff}
HKCR\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8}
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244f69}
HKCR\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d}
HKCR\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe}
HKCR\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1}
HKCR\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477}
HKCR\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8}
HKCR\MyWebSearch.ChatSessionPlugin
HKCR\MyWebSearch.ChatSessionPlugin.1
HKCR\MyWebSearch.HTMLPanel
HKCR\MyWebSearch.HTMLPanel.1
HKCR\MyWebSearch.OutlookAddin
HKCR\MyWebSearch.OutlookAddin.1
HKCR\MyWebSearch.PseudoTransparentPlugin
HKCR\MyWebSearch.PseudoTransparentPlugin.1
HKCR\MyWebSearchToolBar.SettingsPlugin
HKCR\MyWebSearchToolBar.SettingsPlugin.1
HKCR\MyWebSearchToolBar.ToolbarPlugin
HKCR\MyWebSearchToolBar.ToolbarPlugin.1
HKCR\screensavercontrol.screensaverinstaller
HKCR\screensavercontrol.screensaverinstaller
HKCR\screensavercontrol.screensaverinstaller.1
HKCR\screensavercontrol.screensaverinstaller.1
HKCR\Typelib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKCR\Typelib\{29D67D3C-509A-4544-903F-C8C1B8236554}
HKCR\Typelib\{3E720450-B472-4954-B7AA-33069EB53906}
HKCR\Typelib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Typelib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKCR\Typelib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E}
HKCR\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
HKCR\Typelib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCU\Software\MyWebSearch
HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
HKLM\Software\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
HKLM\Software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
HKLM\Software\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKLM\Software\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
HKLM\Software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
HKLM\Software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}
HKLM\Software\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
HKLM\Software\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
HKLM\Software\Classes\screensavercontrol.screensaverinstaller
HKLM\Software\Classes\screensavercontrol.screensaverinstaller.1
HKLM\Software\Classes\Typelib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\Typelib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\Typelib\{29D67D3C-509A-4544-903F-C8C1B8236554}
HKLM\Software\Classes\Typelib\{29D67D3C-509A-4544-903F-C8C1B8236554}
HKLM\Software\Classes\Typelib\{3E720450-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\Typelib\{3E720450-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\Typelib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Typelib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Typelib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKLM\Software\Classes\Typelib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKLM\Software\Classes\Typelib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
HKLM\Software\Classes\Typelib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
HKLM\Software\Classes\Typelib\{D518921A-4A03-425E-9873-B9A71756821E}
HKLM\Software\Classes\Typelib\{D518921A-4A03-425E-9873-B9A71756821E}
HKLM\Software\Classes\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
HKLM\Software\Classes\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
HKLM\Software\Classes\Typelib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Classes\Typelib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Classes\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C}
HKLM\Software\Classes\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C}
HKLM\Software\EoRezo
HKLM\Software\FocusInteractive
HKLM\Software\Fun Web Products
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
HKLM\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
HKLM\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\Software\MyWebSearch
HKLM\Software\Search Settings
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService
HKU\S-1-5-21-1801674531-823518204-725345543-1005\Software\Eorezo
HKU\S-1-5-21-1801674531-823518204-725345543-1005\Software\Microsoft\Internet Explorer\Searchscopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\\FunWebProducts
HKLM\Software\Microsoft\Windows Media\Wmsdk\Sources\\F3PopularScreenSavers
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Plugin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Softwarehelper
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
.
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo
C:\DOCUME~1\KVIN~1\APPLIC~1\Search Settings
C:\Program Files\MyWebSearch
C:\WINDOWS\System32\f3PSSavr.scr
C:\WINDOWS\Installer\b6f12d4.msi
C:\Documents and Settings\K‚vin\Application Data\Eorezo
C:\Program Files\Windows Live\Messenger\Riched20.dll
C:\WINDOWS\Prefetch\M3IMPIPE.EXE-343FCD73.pf
C:\WINDOWS\Prefetch\M3SKPLAY.EXE-08DD6D84.pf
C:\WINDOWS\Prefetch\M3SRCHMN.EXE-214A5037.pf
C:\WINDOWS\Prefetch\MWSOEMON.EXE-22AAA5A1.pf
C:\WINDOWS\Prefetch\MWSSETUP.EXE-01DF5FBB.pf
C:\WINDOWS\Prefetch\MWSSVC.EXE-03988041.pf
C:\WINDOWS\Prefetch\SOFTWAREUPDATEHP.EXE-152AA6B0.pf
C:\WINDOWS\Prefetch\ZWINKYSETUP2.3.50.53.ZJMAN000-0C176CD0.pf
C:\Documents and Settings\Roselyne\Cookies\roselyne@eorezo[2].txt
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version [Impossible d'obtenir la version] *
.
Nom du profil: cfx85ktg.default (K‚vin)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google");
(Prefs.js) user_pref("browser.search.selectedEngine", "Google");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://google.com");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.7");
.
.
.
* Internet Explorer Version 7.0.5730.13 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZJman000&ptb=fOKtsp9C05K6MoOSBuELYA
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials ... ) ==============
.
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\Patch.txt
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-2.3.0.7561-to-2.3.2.7741-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-2.3.2.7741-to-2.3.3.7799-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-2.4.0.8089-to-2.4.1.8125-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-2.4.2.8278-to-2.4.3.8606-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-3.1.1.9806-to-3.1.1.9835-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-frFR-patch.exe
C:\Documents and Settings\K‚vin\Local Settings\Temp\sspatch.exe
.
.
===================================
.
14407 Octet(s) - C:\Ad-Report-SCAN.log
.
1084 Fichier(s) - C:\DOCUME~1\KVIN~1\LOCALS~1\Temp
21 Fichier(s) - C:\WINDOWS\Temp
.
0 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 17:52:08 | 29/08/2009
.
============== E.O.F ==============
.
0
Réponse 3 / 9
Ced_King Messages postés 3519 Date d'inscription lundi 2 mars 2009 Statut Contributeur Dernière intervention 10 octobre 2016 572
29 août 2009 à 20:05
♦ Déconnecte toi et ferme toutes applications en cours !

♦ Double-clique sur le raccourci Ad-remover

♦ Au menu principal choisis l'option "L" et tape sur [entrée] .

♦ Laisse travailler l'outil et ne touche à rien ...

♦ Un rapport est généré, postes le stp

( Le rapport est sauvegardé aussi sous C:\Ad-report.log )


♦ Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

------------------------
- Télécharge Malwarebytes' Anti-Malware


- Installe le > double-clic sur Mbam-setup.exe, à la fin de l'installation, il se mettra automatiquement à jour
- Une fois installé, fermes toutes les applications en cours et lances Malwarebytes
- Exécutes un examen rapide du pc ( tu n'auras pas accés à internet pendant l'analyse)
- A la fin du scan clic sur " Afficher les résultats ", si Malwarebytes a trouvé des infections >> clic sur " Supprimer la sélection "
- Si il a besoin de redémarrer le pc pour finir la désinfection, acceptes
- Un rapport s'établira, postes son contenu.
0
Réponse 4 / 9
sarved Messages postés 29 Date d'inscription jeudi 26 février 2009 Statut Membre Dernière intervention 27 janvier 2010
29 août 2009 à 20:58
Rapport ad move

HKLM\Software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
HKLM\Software\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKLM\Software\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
HKLM\Software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
HKLM\Software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}
HKLM\Software\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
HKLM\Software\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
HKLM\Software\EoRezo
HKLM\Software\FocusInteractive
HKLM\Software\Fun Web Products
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
HKLM\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
HKLM\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\Software\MyWebSearch
HKLM\Software\Search Settings
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\\FunWebProducts
HKLM\Software\Microsoft\Windows Media\Wmsdk\Sources\\F3PopularScreenSavers
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Plugin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Softwarehelper
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
.
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\cache
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\cmhost.cyp
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\ConfMedia.cyp
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\db
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\eoDesktop
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\host.cyp
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\user.cyp
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\eoDesktop\config.xml
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\eoDesktop\eoDesktop.html
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\eoDesktop\userConfig.xml
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Download
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\help_config.cyp
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\SoftwareUpdate.exe
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\unins000.dat
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\unins000.exe
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\user_config.cyp
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\user_profil.cyp
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\eobrowserpub
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\eoengine
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\eobrowserpub\1.0.0.1
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\eoengine\9.1.0.0
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.2
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.3
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.4
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.5
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.6
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.7
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.8
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.9
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.0
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.1
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.2
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.3
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.4
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.3\itstv.exe
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.4\itstv.exe
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.5\itstv.exe
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.6\itstv.exe
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.7\itstv.exe
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.8\itstv.exe
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.9\itstv.exe
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.0\itstv.exe
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.1\itstv.exe
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.2\itstv.exe
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.3\itstv.exe
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.4\itstv.exe
C:\DOCUME~1\KVIN~1\APPLIC~1\EoRezo
C:\DOCUME~1\KVIN~1\APPLIC~1\Search Settings\kb128
C:\DOCUME~1\KVIN~1\APPLIC~1\Search Settings\kb128\temp
C:\DOCUME~1\KVIN~1\APPLIC~1\Search Settings\kb128\temp\ws-14484.log
C:\DOCUME~1\KVIN~1\APPLIC~1\Search Settings\kb128\temp\ws-14485.log
C:\DOCUME~1\KVIN~1\APPLIC~1\Search Settings
C:\Program Files\MyWebSearch\bar
C:\Program Files\MyWebSearch\bar\1.bin
C:\Program Files\MyWebSearch\bar\Avatar
C:\Program Files\MyWebSearch\bar\Cache
C:\Program Files\MyWebSearch\bar\Game
C:\Program Files\MyWebSearch\bar\History
C:\Program Files\MyWebSearch\bar\icons
C:\Program Files\MyWebSearch\bar\Message
C:\Program Files\MyWebSearch\bar\Notifier
C:\Program Files\MyWebSearch\bar\Settings
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\0F2DA1AE
C:\Program Files\MyWebSearch\bar\Cache\0F2DDF05
C:\Program Files\MyWebSearch\bar\Cache\0F2DEE47.bin
C:\Program Files\MyWebSearch\bar\Cache\0F2DF2BC.bin
C:\Program Files\MyWebSearch\bar\Cache\0F2E01CF.bin
C:\Program Files\MyWebSearch\bar\Cache\0F2E08D4.bin
C:\Program Files\MyWebSearch\bar\Cache\0F2E140F.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search3
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebbtnbg.png
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebbtnn1.png
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebbtnn2.png
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebbtny1.png
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebbtny2.png
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebclose.png
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebut.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\reb_bg.png
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch
C:\WINDOWS\System32\f3PSSavr.scr
C:\WINDOWS\Installer\b6f12d4.msi
C:\Program Files\Windows Live\Messenger\riched20.dll
C:\WINDOWS\Prefetch\M3IMPIPE.EXE-343FCD73.pf
C:\WINDOWS\Prefetch\M3SKPLAY.EXE-08DD6D84.pf
C:\WINDOWS\Prefetch\M3SRCHMN.EXE-214A5037.pf
C:\WINDOWS\Prefetch\MWSOEMON.EXE-22AAA5A1.pf
C:\WINDOWS\Prefetch\MWSSETUP.EXE-01DF5FBB.pf
C:\WINDOWS\Prefetch\MWSSVC.EXE-03988041.pf
C:\WINDOWS\Prefetch\SOFTWAREUPDATEHP.EXE-152AA6B0.pf
C:\WINDOWS\Prefetch\ZWINKYSETUP2.3.50.53.ZJMAN000-0C176CD0.pf
C:\DOCUME~1\KVIN~1\Cookies\k‚vin@eorezo[1].txt
C:\Documents and Settings\Roselyne\Cookies\roselyne@eorezo[2].txt

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version [Impossible d'obtenir la version] *
.
Nom du profil: cfx85ktg.default (K‚vin)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google");
(Prefs.js) user_pref("browser.search.selectedEngine", "Google");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://google.com");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.7");
.
.
.
* Internet Explorer Version 7.0.5730.13 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials ... ) ==============
.
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\Patch.txt
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-2.3.0.7561-to-2.3.2.7741-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-2.3.2.7741-to-2.3.3.7799-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-2.4.0.8089-to-2.4.1.8125-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-2.4.2.8278-to-2.4.3.8606-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-3.1.1.9806-to-3.1.1.9835-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-frFR-patch.exe
C:\Documents and Settings\K‚vin\Bureau\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-frFR-patch.exe
.
.
===================================
.
23579 Octet(s) - C:\Ad-Report-CLEAN.log
14723 Octet(s) - C:\Ad-Report-SCAN.log
.
559 Fichier(s) - C:\DOCUME~1\KVIN~1\LOCALS~1\Temp
2 Fichier(s) - C:\WINDOWS\Temp
.
19 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
28 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 18:33:27 | 29/08/2009
.
============== E.O.F ==============









Rapport malwarebytes

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2713
Windows 5.1.2600 Service Pack 3

29/08/2009 18:53:03
mbam-log-2009-08-29 (18-53-03).txt

Type de recherche: Examen rapide
Eléments examinés: 179977
Temps écoulé: 17 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 9
Ced_King Messages postés 3519 Date d'inscription lundi 2 mars 2009 Statut Contributeur Dernière intervention 10 octobre 2016 572
29 août 2009 à 21:16
Télécharge et installe ccleaner

- Durant l'installation, décoche la case proposant la barre d'outils yahoo et celle : " ajouter l'option des mises à jour"

- Une fois installé, fermes toutes les applications en cours et lance ccleaner

- clic -->> option -->> avancé et décoche " effacer les fichiers etc... plus vieux que 48h

- Sélectionne " nettoyeur " >> clic sur Analyse puis nettoyage

=> Clic sur " Registre " -> " Chercher des erreurs " --> " Réparer les erreurs " --> recommence l'opération jusqu'à 0 erreur ( répond oui à la sauvegarde, tu la supprimeras plus tard)

Ensuite relance un nouveau rapport RSIT
0
Réponse 6 / 9
sarved Messages postés 29 Date d'inscription jeudi 26 février 2009 Statut Membre Dernière intervention 27 janvier 2010
29 août 2009 à 21:17
ba d'après les resultats il semblerait que sava mieu la ba en tout cas merci pour l'aide et bonne journée
0
Réponse 7 / 9
sarved Messages postés 29 Date d'inscription jeudi 26 février 2009 Statut Membre Dernière intervention 27 janvier 2010
30 août 2009 à 07:01
Rapport RSIT

Logfile of random's system information tool 1.05 (written by random/random)
Run by Kévin at 2009-08-30 04:57:28
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 10 GB (13%) free of 78 GB
Total RAM: 1279 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:57:53, on 30/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eagle2.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\S4TSR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Kévin\Bureau\RSIT.exe
C:\Program Files\trend micro\Kévin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [BigDog302] C:\WINDOWS\eagle2.EXE Vimicro USB PC Camera (ZC0302)
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\S4TSR.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kévin\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFA41A02-EBE5-44EF-9AAC-1D618FACA056}: NameServer = 217.175.160.104 217.175.160.113
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
0
Réponse 8 / 9
Ced_King Messages postés 3519 Date d'inscription lundi 2 mars 2009 Statut Contributeur Dernière intervention 10 octobre 2016 572
30 août 2009 à 11:39
* Télécharge OTM (OldTimer) sur ton Bureau.
* Double-clique sur OTM.exe afin de le lancer.
* Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:drivers
a2fac69q
arcnko5h

:files
C:\WINDOWS\system32\drivers\a2fac69q.sys
C:\WINDOWS\system32\drivers\arcnko5h.sys 

:commands
[emptytemp]
[reboot]



Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
* Clique maintenant sur le bouton MoveIt! puis ferme OTM.


---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

* Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\

---> Le nom du rapport correspond au moment de sa création : date_heure.log
0
Réponse 9 / 9
sarved Messages postés 29 Date d'inscription jeudi 26 février 2009 Statut Membre Dernière intervention 27 janvier 2010
30 août 2009 à 17:28
OT move
========== PROCESSES ==========
Process explorer.exe killed successfully.
Error: Unable to interpret <:drivers> in the current context!
Error: Unable to interpret <a2fac69q> in the current context!
Error: Unable to interpret <arcnko5h> in the current context!
========== FILES ==========
File/Folder C:\WINDOWS\system32\drivers\a2fac69q.sys not found.
File/Folder C:\WINDOWS\system32\drivers\arcnko5h.sys not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\KVIN~1\LOCALS~1\Temp\IadHide4.dll scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 08302009_151614

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\DOCUME~1\KVIN~1\LOCALS~1\Temp\IadHide4.dll
C:\DOCUME~1\KVIN~1\LOCALS~1\Temp\IadHide4.dll NOT unregistered.
C:\DOCUME~1\KVIN~1\LOCALS~1\Temp\IadHide4.dll moved successfully.
0

Discussions similaires

j'ai renversé de l'eau sur mon pc portable
sardine -
moudubulbe -

14 réponses
Comment taper l'arobase sur un pc hp ?
kadem -
Tatopoulosse -

5 réponses