Sujet Précédent Sujet Suivant

Y.lo.st

Résolu/Fermé
daniel issy - 20 mai 2010 à 10:07
H3RV3 Messages postés 3591 Date d'inscription samedi 17 octobre 2009 Statut Contributeur sécurité Dernière intervention 7 novembre 2014 - 20 mai 2010 à 19:38
Bonjour,

je suis infecté par eorezo, que j'ai désinstallé par le panneau de config, j'ai chargé AD-R version 2.0.0.0 et scanné je transmets ci après le rapport. pouvez vous me donner les instructions pour irradiquer y.lo.st
merci de votre aide

.
======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 19/05/10 à 19:20
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 09:49:09 le 20/05/2010 | Mode normal | Option: SCAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft Windows XP Édition familiale (Service Pack 3 - X86)
Nom du PC: DANIEL
Utilisateur actuel: Soso
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
.
C:\Documents and Settings\All Users\Application Data\Bandoo
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Bandoo
C:\Documents and Settings\LocalService\Local Settings\Application Data\EoRezo
C:\Documents and Settings\LocalService\Local Settings\Application Data\EoRezo\EoRezo
C:\Documents and Settings\Soso\Application Data\Bandoo
C:\Documents and Settings\Soso\Application Data\EoRezo
C:\Documents and Settings\Soso\Application Data\HbTools
C:\Program Files\Bandoo
C:\Program Files\EoRezo
C:\Program Files\MyWebSearch
.
HKCU\Software\EoRezo
HKCU\Software\Fun Web Products
HKCU\Software\FunkyEmoticons
HKCU\Software\FunWebProducts
HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCU\Software\MyWebSearch
HKLM\Software\bandoo
HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\CLSID\{07B18EA3-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
HKLM\Software\Classes\CLSID\{354382DB-DF55-4DA9-85A3-41696A0F510F}
HKLM\Software\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
HKLM\Software\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
HKLM\Software\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
HKLM\Software\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
HKLM\Software\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
HKLM\Software\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKLM\Software\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
HKLM\Software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
HKLM\Software\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
HKLM\Software\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
HKLM\Software\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
HKLM\Software\Classes\FunWebProducts.HistoryKillerScheduler
HKLM\Software\Classes\FunWebProducts.HistoryKillerScheduler.1
HKLM\Software\Classes\FunWebProducts.HistorySwatterControlBar
HKLM\Software\Classes\FunWebProducts.HistorySwatterControlBar.1
HKLM\Software\Classes\FunWebProducts.HTMLMenu
HKLM\Software\Classes\FunWebProducts.HTMLMenu.1
HKLM\Software\Classes\FunWebProducts.HTMLMenu.2
HKLM\Software\Classes\FunWebProducts.IECookiesManager
HKLM\Software\Classes\FunWebProducts.IECookiesManager.1
HKLM\Software\Classes\FunWebProducts.KillerObjManager
HKLM\Software\Classes\FunWebProducts.KillerObjManager.1
HKLM\Software\Classes\FunWebProducts.PopSwatterBarButton
HKLM\Software\Classes\FunWebProducts.PopSwatterBarButton.1
HKLM\Software\Classes\FunWebProducts.PopSwatterSettingsControl
HKLM\Software\Classes\FunWebProducts.PopSwatterSettingsControl.1
HKLM\Software\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
HKLM\Software\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
HKLM\Software\Classes\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}
HKLM\Software\Classes\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}
HKLM\Software\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
HKLM\Software\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKLM\Software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKLM\Software\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
HKLM\Software\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
HKLM\Software\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}
HKLM\Software\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
HKLM\Software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKLM\Software\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}
HKLM\Software\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
HKLM\Software\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
HKLM\Software\Classes\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}
HKLM\Software\Classes\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}
HKLM\Software\Classes\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}
HKLM\Software\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
HKLM\Software\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
HKLM\Software\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
HKLM\Software\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
HKLM\Software\Classes\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}
HKLM\Software\Classes\MyWebSearch.HTMLPanel
HKLM\Software\Classes\MyWebSearch.HTMLPanel.1
HKLM\Software\Classes\MyWebSearch.OutlookAddin
HKLM\Software\Classes\MyWebSearch.OutlookAddin.1
HKLM\Software\Classes\MyWebSearchToolBar.SettingsPlugin
HKLM\Software\Classes\MyWebSearchToolBar.SettingsPlugin.1
HKLM\Software\Classes\MyWebSearchToolBar.ToolbarPlugin
HKLM\Software\Classes\MyWebSearchToolBar.ToolbarPlugin.1
HKLM\Software\Classes\screensavercontrol.screensaverinstaller
HKLM\Software\Classes\screensavercontrol.screensaverinstaller.1
HKLM\Software\Classes\shprrprts.hbcommband
HKLM\Software\Classes\shprrprts.hbcommband.1
HKLM\Software\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
HKLM\Software\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}
HKLM\Software\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKLM\Software\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
HKLM\Software\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
HKLM\Software\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
HKLM\Software\EoRezo
HKLM\Software\FocusInteractive
HKLM\Software\Fun Web Products
HKLM\Software\FunkyEmoticons
HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
HKLM\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
HKLM\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bandoo
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\Software\MyWebSearch
HKLM\Software\Viewpoint
HKU\.DEFAULT\Software\EoRezo
HKU\S-1-5-18\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|winusr
HKLM\Software\Microsoft\Windows Media\Wmsdk\Sources|F3PopularScreenSavers
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform|FunWebProducts
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eorezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Softwarehelper
.
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.0.19 (fr) *
.
C:\Documents and Settings\Soso\..\c3if8mhw.default\prefs.js - browser.download.dir: C:\\Documents and Settings\\Soso\\Bureau
C:\Documents and Settings\Soso\..\c3if8mhw.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Soso\\Bureau
C:\Documents and Settings\Soso\..\c3if8mhw.default\prefs.js - browser.search.defaultenginename: Yahoo
C:\Documents and Settings\Soso\..\c3if8mhw.default\prefs.js - browser.search.defaulturl: hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
C:\Documents and Settings\Soso\..\c3if8mhw.default\prefs.js - browser.search.selectedEngine: Google
C:\Documents and Settings\Soso\..\c3if8mhw.default\prefs.js - browser.startup.homepage: hxxp://y.lo.st
C:\Documents and Settings\Soso\..\c3if8mhw.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.0.19
.
TROUVÉ: C:\Documents and Settings\Soso\..\c3if8mhw.default\prefs.js - user_pref("browser.startup.homepage", "hxxp://y.lo.st");
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Show_ToolBar: yes
Start Page: hxxp:/
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 0 Fichier(s)
.
C:\Ad-Report-SCAN[1].txt - 477 Octet(s)
C:\Ad-Report-SCAN[2].txt - 477 Octet(s)
C:\Ad-Report-SCAN[3].txt - 11046 Octet(s)
.
Fin à: 09:56:01, 20/05/2010
.
============== E.O.F - SCAN[3] ==============


3 réponses

Réponse 1 / 3
H3RV3 Messages postés 3591 Date d'inscription samedi 17 octobre 2009 Statut Contributeur sécurité Dernière intervention 7 novembre 2014 280
20 mai 2010 à 11:16
Salut,

Tu peux passer l'option "Nettoyage" de Ad-Remover.
0
Réponse 2 / 3
Danielissy
20 mai 2010 à 13:06
merci pour cette efficace intervention, je souhaite faire partie du forum,pouvez vous me donner le chemin à prendre...encore bravo !!...
0
Réponse 3 / 3
H3RV3 Messages postés 3591 Date d'inscription samedi 17 octobre 2009 Statut Contributeur sécurité Dernière intervention 7 novembre 2014 280
20 mai 2010 à 19:38
Pour l'inscription au forum, c'est par ici ==> http://www.commentcamarche.net/communaute/inscription.php3
0