Pubs intempestives et bloquages Résolu/Fermé

Question

Bonjour à tous, chers Cçm-eurs,
deux problèmes concernant mon ordi m'amène à vous demander votre aide:
le premier: depuis quelques temps maintenant, des pubs apparaissent sur mon ordi qqe soit mon activité.
le deuxieme: depuis ce matin, mon ordi bloque, tout est normal et d'un coup, l'écran se fige.

En regardant les messages précédants, j'ai vu qu'il fallait utiliser zhd, je vous donne donc le lien:
http://www.cijoint.fr/cjlink.php?file=cj201101/cijOpHrphj.txt

S'il y a un problème prévenait moi, car à cause de ce problème de blocage, j'ai du redémarrer mon ordi à 5 reprises.




Configuration: Windows XP / Opera 9.80

jfkpresident · Answer

Hello,

Houlala...La collection d'infections ! Tu les élevent ? :)

 Télécharges AD-Remover sur ton bureau :


    /!\ Déconnectes toi et fermes toutes applications en cours

    ? Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
    ? Double clique sur l'icône Ad-removersituée sur ton bureau
    ? Au menu principal choisi l'option "Nettoyer"
    ? Postes le rapport qui apparait à la fin .

    ( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note :

    "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

yocriss · Answer

Si je les éleve!!! Excelent. 
Bien, en fait, j'y avais pensé mais très rapidement on m'a fait comprendre que ce n'était pas une bonne idée, je pensais que je les avais tous exterminées mais en fait non...
Plus sérieusement, je copie le rapport:
======= RAPPORT D'AD-REMOVER 2.0.0.2,D | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 16/01/11 à 02:00
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 19:52:54 le 17/01/2011, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86) 
patou@MAISON ( ) 
 
============== ACTION(S) ==============

Service: "MyWebSearchService" Stoppé et supprimé 

Fichier supprimé: C:\Program Files\Mozilla FireFox\chrome\m3ffxtbr.jar
Fichier supprimé: C:\Program Files\Mozilla FireFox\chrome\m3ffxtbr.manifest
Fichier supprimé: C:\Program Files\Mozilla FireFox\Plugins\NPMyWebS.dll
Fichier supprimé: C:\Program Files\Mozilla FireFox\searchplugins\SearchTheWeb.xml
Fichier supprimé: C:\WINDOWS\system32\f3PSSavr.scr
Fichier supprimé: C:\WINDOWS\Temp\msksetup.log
Dossier supprimé: C:\Documents and Settings\patou\Application Data\Mozilla\FireFox\Profiles\x2qubc10.default\conduit
Dossier supprimé: C:\Documents and Settings\patou\Application Data\Mozilla\FireFox\Profiles\x2qubc10.default\ConduitEngine
Dossier supprimé: C:\Documents and Settings\patou\Application Data\Mozilla\FireFox\Profiles\x2qubc10.default\extensions\engine@conduit.com
Dossier supprimé: C:\Documents and Settings\patou\Local Settings\Application Data\ConduitEngine
Dossier supprimé: C:\Program Files\ConduitEngine
Dossier supprimé: C:\Program Files\FunWebProducts
Dossier supprimé: C:\Documents and Settings\patou\Local Settings\Application Data\HottieStar Toolbar
Dossier supprimé: C:\Program Files\MyWebSearch
Dossier supprimé: C:\Documents and Settings\patou\Application Data\Toolbar4
Dossier supprimé: C:\Documents and Settings\All Users\Application Data\Trymedia
Dossier supprimé: C:\Documents and Settings\patou\Application Data\EoRezo
Dossier supprimé: C:\Documents and Settings\patou\Local Settings\Application Data\EoRezo
Dossier supprimé: C:\Program Files\EoRezo
Dossier supprimé: C:\Documents and Settings\patou\Application Data\ItsLabel
Dossier supprimé: C:\Documents and Settings\patou\Application Data\Soft2PC
Dossier supprimé: C:\Documents and Settings\patou\Local Settings\Application Data\Soft2PC
Dossier supprimé: C:\Program Files\Soft2PC
Fichier supprimé: C:\Program Files\Windows Live\Messenger\Riched20.dll
Fichier supprimé: C:\Program Files\Windows Live\Messenger\Msimg32.dll
Fichier supprimé: C:\Documents and Settings\patou\Local Settings\Application Data\ywysw_nav.dat
Fichier supprimé: C:\Documents and Settings\patou\Local Settings\Application Data\ywysw.dat
Fichier supprimé: C:\Documents and Settings\patou\Local Settings\Application Data\ywysw_navps.dat

(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Documents and Settings\patou\Application Data\Mozilla\FireFox\Profiles\x2qubc10.default\Prefs.js --
/!\ Impossible d'ouvrir le fichier, nettoyage interrompu /!\
-- Fichier Fermé --
 

Clé supprimée: HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44cf-8957-5838F569A31D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}
Clé supprimée: HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44cf-8957-5838F569A31D}
Clé supprimée: HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKLM\Software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKLM\Software\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
Clé supprimée: HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
Clé supprimée: HKLM\Software\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Classes\CLSID\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
Clé supprimée: HKLM\Software\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Clé supprimée: HKLM\Software\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
Clé supprimée: HKLM\Software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
Clé supprimée: HKLM\Software\Classes\CLSID\{5E0C312A-E782-4A68-BC93-25258C84CAEE}
Clé supprimée: HKLM\Software\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Clé supprimée: HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
Clé supprimée: HKLM\Software\Classes\CLSID\{67FA02C4-AB30-4e77-A640-78EE8EC8673B}
Clé supprimée: HKLM\Software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
Clé supprimée: HKLM\Software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
Clé supprimée: HKLM\Software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
Clé supprimée: HKLM\Software\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
Clé supprimée: HKLM\Software\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
Clé supprimée: HKLM\Software\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
Clé supprimée: HKLM\Software\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Clé supprimée: HKLM\Software\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Clé supprimée: HKLM\Software\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
Clé supprimée: HKLM\Software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
Clé supprimée: HKLM\Software\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
Clé supprimée: HKLM\Software\Classes\CLSID\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Clé supprimée: HKLM\Software\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
Clé supprimée: HKLM\Software\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
Clé supprimée: HKLM\Software\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
Clé supprimée: HKLM\Software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}
Clé supprimée: HKLM\Software\Classes\CLSID\{F274E6FF-E717-4304-93FC-F0E7CF3A751E}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F274E6FF-E717-4304-93FC-F0E7CF3A751E}
Clé supprimée: HKLM\Software\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKLM\Software\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKLM\Software\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Clé supprimée: HKLM\Software\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Clé supprimée: HKLM\Software\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Clé supprimée: HKLM\Software\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Clé supprimée: HKLM\Software\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Clé supprimée: HKLM\Software\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Clé supprimée: HKLM\Software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Clé supprimée: HKLM\Software\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Clé supprimée: HKLM\Software\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Clé supprimée: HKLM\Software\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Clé supprimée: HKLM\Software\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Clé supprimée: HKLM\Software\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Clé supprimée: HKLM\Software\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Clé supprimée: HKLM\Software\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Clé supprimée: HKLM\Software\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Clé supprimée: HKLM\Software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Clé supprimée: HKLM\Software\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Clé supprimée: HKLM\Software\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Clé supprimée: HKLM\Software\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Clé supprimée: HKLM\Software\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Clé supprimée: HKLM\Software\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Clé supprimée: HKLM\Software\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Clé supprimée: HKLM\Software\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Clé supprimée: HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
Clé supprimée: HKLM\Software\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Clé supprimée: HKLM\Software\Classes\Interface\{CC883F50-95BB-4A25-9DBF-B801506F1BC4}
Clé supprimée: HKLM\Software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Clé supprimée: HKLM\Software\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Clé supprimée: HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
Clé supprimée: HKLM\Software\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Clé supprimée: HKLM\Software\Classes\Interface\{DF76E9B7-35EC-46FC-AF56-5B79DED9D64F}
Clé supprimée: HKLM\Software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Clé supprimée: HKLM\Software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Clé supprimée: HKLM\Software\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Clé supprimée: HKLM\Software\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Clé supprimée: HKLM\Software\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Clé supprimée: HKLM\Software\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Clé supprimée: HKLM\Software\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKLM\Software\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
Clé supprimée: HKLM\Software\Classes\TypeLib\{18AF7201-4F14-4BCF-93FE-45617CF259FF}
Clé supprimée: HKLM\Software\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
Clé supprimée: HKLM\Software\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
Clé supprimée: HKLM\Software\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
Clé supprimée: HKLM\Software\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
Clé supprimée: HKLM\Software\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
Clé supprimée: HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
Clé supprimée: HKLM\Software\Classes\TypeLib\{B52F3553-49FA-4599-81A4-F98951E0B53B}
Clé supprimée: HKLM\Software\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
Clé supprimée: HKLM\Software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Clé supprimée: HKLM\Software\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
Clé supprimée: HKLM\Software\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
Clé supprimée: HKLM\Software\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ywysw
Clé supprimée: HKLM\Software\Classes\EoEngineBHO.EOBHO
Clé supprimée: HKLM\Software\Classes\EoEngineBHO.EOBHO.1
Clé supprimée: HKLM\Software\Classes\EoRezoBHO.EoBho
Clé supprimée: HKLM\Software\Classes\EoRezoBHO.EoBho.1
Clé supprimée: HKLM\Software\Classes\FunWebProducts.DataControl
Clé supprimée: HKLM\Software\Classes\FunWebProducts.DataControl.1
Clé supprimée: HKLM\Software\Classes\FunWebProducts.HistoryKillerScheduler
Clé supprimée: HKLM\Software\Classes\FunWebProducts.HistoryKillerScheduler.1
Clé supprimée: HKLM\Software\Classes\FunWebProducts.HistorySwatterControlBar
Clé supprimée: HKLM\Software\Classes\FunWebProducts.HistorySwatterControlBar.1
Clé supprimée: HKLM\Software\Classes\FunWebProducts.HTMLMenu
Clé supprimée: HKLM\Software\Classes\FunWebProducts.HTMLMenu.1
Clé supprimée: HKLM\Software\Classes\FunWebProducts.HTMLMenu.2
Clé supprimée: HKLM\Software\Classes\FunWebProducts.IECookiesManager
Clé supprimée: HKLM\Software\Classes\FunWebProducts.IECookiesManager.1
Clé supprimée: HKLM\Software\Classes\FunWebProducts.KillerObjManager
Clé supprimée: HKLM\Software\Classes\FunWebProducts.KillerObjManager.1
Clé supprimée: HKLM\Software\Classes\FunWebProducts.PopSwatterBarButton
Clé supprimée: HKLM\Software\Classes\FunWebProducts.PopSwatterBarButton.1
Clé supprimée: HKLM\Software\Classes\FunWebProducts.PopSwatterSettingsControl
Clé supprimée: HKLM\Software\Classes\FunWebProducts.PopSwatterSettingsControl.1
Clé supprimée: HKLM\Software\Classes\MyWebSearch.ChatSessionPlugin
Clé supprimée: HKLM\Software\Classes\MyWebSearch.ChatSessionPlugin.1
Clé supprimée: HKLM\Software\Classes\MyWebSearch.HTMLPanel
Clé supprimée: HKLM\Software\Classes\MyWebSearch.HTMLPanel.1
Clé supprimée: HKLM\Software\Classes\MyWebSearch.OutlookAddin
Clé supprimée: HKLM\Software\Classes\MyWebSearch.OutlookAddin.1
Clé supprimée: HKLM\Software\Classes\MyWebSearch.PseudoTransparentPlugin
Clé supprimée: HKLM\Software\Classes\MyWebSearch.PseudoTransparentPlugin.1
Clé supprimée: HKLM\Software\Classes\MyWebSearchToolBar.SettingsPlugin
Clé supprimée: HKLM\Software\Classes\MyWebSearchToolBar.SettingsPlugin.1
Clé supprimée: HKLM\Software\Classes\MyWebSearchToolBar.ToolbarPlugin
Clé supprimée: HKLM\Software\Classes\MyWebSearchToolBar.ToolbarPlugin.1
Clé supprimée: HKLM\Software\Classes\ScreenSaverControl.ScreenSaverInstaller
Clé supprimée: HKLM\Software\Classes\ScreenSaverControl.ScreenSaverInstaller.1
Clé supprimée: HKLM\Software\Classes\SoftwareBHO.SOFT2PCBHO
Clé supprimée: HKLM\Software\Classes\SoftwareBHO.SOFT2PCBHO.1
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2102473
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2233703
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2542115
Clé supprimée: HKLM\Software\Classes\AppID\EoEngineBHO.DLL
Clé supprimée: HKLM\Software\Classes\AppID\{AFBB7970-789A-4264-BA70-E8127DECE400}
Clé supprimée: HKLM\Software\Classes\AppID\Soft2PCBHO.DLL
Clé supprimée: HKLM\Software\Classes\AppID\{AB67D16D-3824-4683-B81A-D66DBA61B1AF}
Clé supprimée: HKLM\Software\EoRezo
Clé supprimée: HKLM\Software\ItsLabel
Clé supprimée: HKLM\Software\soft2PC
Clé supprimée: HKLM\Software\AskBarDis
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\conduitEngine
Clé supprimée: HKLM\Software\FocusInteractive
Clé supprimée: HKLM\Software\Fun Web Products
Clé supprimée: HKLM\Software\MyWebSearch
Clé supprimée: HKLM\Software\Trymedia Systems
Clé supprimée: HKCU\Software\EoRezo
Clé supprimée: HKCU\Software\ItsLabel
Clé supprimée: HKCU\Software\soft2PC
Clé supprimée: HKCU\Software\Conduit
Clé supprimée: HKCU\Software\conduitEngine
Clé supprimée: HKCU\Software\fcn
Clé supprimée: HKCU\Software\FunWebProducts
Clé supprimée: HKCU\Software\Lanconfig
Clé supprimée: HKCU\Software\MyWebSearch
Clé supprimée: HKCU\Software\PartyGaming
Clé supprimée: HKCU\Software\AppDataLow\AskHomePage
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\GamesBar
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\ItsLabel
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AC2D3A6-9480-43FB-B583-2FC61A4541AE}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\EoRezo_is1
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Soft2PC_is1
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Software_is1
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
Clé supprimée: HKCU\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A
Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
Clé supprimée: HKLM\Software\Classes\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Clé supprimée: HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Clé supprimée: HKLM\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
Clé supprimée: HKLM\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Soft2PC_is1

Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|ywysw
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo jimddp
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo hpfanicgkffmccehnpkikogcffaepkfp
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo dgnckdmmolaijpbbakmplfhlfpdhglgc
Valeur supprimée: HKLM\Software\Microsoft\Windows Media\Wmsdk\Sources|F3PopularScreenSavers
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform|FunWebProducts
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eorezo
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Softwarehelper
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|helper
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|My Web Search Bar Search Scope Monitor
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Plugin
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44CF-8957-5838F569A31D}
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.13 (fr)] **

-- C:\Documents and Settings\patou\Application Data\Mozilla\FireFox\Profiles\x2qubc10.default\Prefs.js --
browser.download.lastDir, H:\docs
browser.search.defaultenginename, SearchTheWeb
browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}
browser.startup.homepage, hxxp://search.iminent.com/?appId=00000000-0000-0000-0000-000000000000&lcid=1036&ref=homepage
browser.startup.homepage_override.mstone, rv:1.9.2.13
keyword.URL, hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRman000&fl=0&ptb=kXdGmQFAp.MicjGlJc2NVQ&url=hxxp://search...

========================================

** Internet Explorer Version [7.0.5730.13] **

[HKCU\Software\Microsoft\Internet Explorer\Main] 
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main] 
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] 
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 656 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 17/01/2011 (21559 Octet(s)) 

Fin à: 19:55:54, 17/01/2011 
 
============== E.O.F ==============

jfkpresident · Answer

On enchaine parcequ'il reste du monde :

1) Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

2) Télécharge Malwarebytes' Anti-Malware (MBAM) et enregistre le sur ton Bureau à partir de ce lien :

https://www.malwarebytes.com/

3) A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.

4) Double-clique sur l'icône Download_mbam-setup.exe sur ton bureau pour démarrer le programme d'installation.

5) Pendant l'installation, suis les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet). N'apporte aucune modification aux réglages par défaut et, en fin d'installation, vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.

6) MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue. La fenêtre principale de MBAM s'affiche :

7) Dans l'onglet analyse, vérifie que "Exécuter un examen complet" est coché et clique sur le bouton Rechercher pour démarrer l'analyse.

8) MBAM analyse ton ordinateur. L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.

9) A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.

10) Si des malwares ont été détectés, leur liste s'affiche.
En cliquant sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

11) MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

12) Ferme MBAM en cliquant sur Quitter.

13) Poste le rapport dans ta réponse

yocriss · Answer

Par contre, mon antivirus (avast) est désactivé et refuse de se réactiver, est-ce normal?


Il y a un probleme avec le forum, j'ai essayé à 5 reprises de poster mon rapport mais à chaque fois il disparait et ne reste que les 2 premieres ligne, que faire?

jfkpresident · Answer

Je vais voir avec la modération .

yocriss · Answer

Je vais réessayer: Le rapport MBAM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5542

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

17/01/2011 22:24:01
mbam-log-2011-01-17 (22-24-01).txt

Type d'examen: Examen complet (A:\|C:\|H:\|J:\|)
Elément(s) analysé(s): 311410
Temps écoulé: 1 heure(s), 32 minute(s), 46 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 149

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3AA42713-5C1E-48E2-B432-D8BF420DD31D} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\Firewall Administrating (Backdoor.IRCBot) -> Value: Firewall Administrating -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
c:\documents and settings\patou\local settings	emporary internet files\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2}\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Data (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\documents and settings\patou\local settings\application data\Opera\Opera\profile\cache4	emporary_download\mywebfacesetup2.3.50.53.grman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings\Temp
sc11B.tmp\NSISdl.dll (Trojan.Banker) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2}\productinfo.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2}	df.dat (Adware.BHO) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\documents and settings\patou\application data\EoRezo\softwareupdate\softwareupdate.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\documents and settings\patou\application data\EoRezo\softwareupdate\softwareupdatehp.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\documents and settings\patou\application data\Soft2PC\Software\software.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\documents and settings\patou\application data\Soft2PC\Software\softwarehp.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\EoRezo\eorezo.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\EoRezo\eorezobho.dll.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mozilla firefox\Plugins
pmywebs.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\f3cjpeg.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\f3dtactl.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\f3histsw.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\f3hkstub.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\f3htmlmu.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\f3httpct.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\f3popswt.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\f3pssavr.scr.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\f3reghk.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\f3reprox.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\f3restub.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\f3schmon.exe.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\f3scrctr.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\f3wphook.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\m3auxstb.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\m3dlghk.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\m3highin.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\m3html.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\m3idle.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\m3impipe.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\m3medint.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\m3msg.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\m3outlcn.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\m3patch.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\m3plugin.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\m3skin.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\m3skplay.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\m3slsrch.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\m3srchmn.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\mwsbar.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\mwsoemon.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\mwsoeplg.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\mwsoestb.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\mwssrcas.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin\mwssvc.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mywebsearch\bar\1.bin
pmywebs.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\windows live\messenger\msimg32.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\windows live\messengeriched20.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\WINDOWS\system32\f3pssavr.scr.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP782\A0198335.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP784\A0199485.exe (Adware.WhenU) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215863.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215827.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215845.SCR (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215828.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215838.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215839.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215840.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215841.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215842.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215843.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215844.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215846.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215847.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215848.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215849.EXE (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215850.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215851.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215852.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215853.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215855.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215856.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215857.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215858.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215859.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215860.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215862.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215864.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215865.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215866.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215867.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215868.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215869.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215870.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215871.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215872.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215873.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215874.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0215875.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0216091.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0216092.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0216095.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0216096.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0216295.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0216296.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0216300.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5be9bc95-09ff-4ae1-91ca-4685a549bbcb}\RP808\A0216301.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
h:\docs	éléchargements\goldentiger.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\microsoft\commondirectivetypes.xsd (Malware.Trace) -> Quarantined and deleted successfully.
c:\microsoft\htmdlgs.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\microsoft\IE6_0.XSD (Malware.Trace) -> Quarantined and deleted successfully.
c:\microsoft\mnmsrvc.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\microsoft\MSINET.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
c:\microsoft\SYSINFO.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
c:\microsoft\UCSCRIBE.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\wintybrd.jpg (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2}\bg.jpg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2}\currentversion.xml (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2}\icon.ico (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2}	df.zip (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2}\Data\productinfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Data\module_webdropdown_05.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Data\module_smiley_tellafriend.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Data\module_webdropdown_01.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Data\module_webdropdown_02.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Data\module_webdropdown_03.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Data\module_webdropdown_04.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Data\module_webdropdown_06.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Data\module_webdropdown_07.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Data\module_webdropdown_08.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Data\module_webdropdown_09.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Data\module_webdropdown_10.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Data\module_webdropdown_11.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Data\module_webdropdown_12.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Data\module_webdropdown_13.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Data\module_webdropdown_14.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Data	oolbarlayout.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_10.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_01.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_01.png (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_02.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_02.png (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_03.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_03.png (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_04.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_04.png (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_05.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_05.png (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_06.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_06.png (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_07.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_07.png (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_08.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_09.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_11.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_12.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_13.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\patou\local settings	emporary internet files\New_tdf\Icons\module_webdropdown_14.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.

jfkpresident · Answer

Merci crapoulou -;)

Maintenant recolle moi un nouveau log ZhpDiag pour faire le point .

yocriss · Answer

Voici le nouveau rapport, il est tout chaud, il vient de sortir:

http://www.cijoint.fr/cjlink.php?file=cj201101/cij11Kva6y.txt

jfkpresident · Answer

* Télécharge et install UsbFix par El Desaparecido , C_XX & Chimay8 

 (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

* Double clic sur le raccourci UsbFix présent sur ton bureau .

* Au menu principal choisis l'option " F " pour français et tape sur [entrée] . 

* Au second menu Choisis l'option " 2 " (suppression) et tape sur [entrée] 

* Laisse travailler l'outil.

* Ensuite post le rapport UsbFix.txt qui apparaitra.

* Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

* Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
          Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
          Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

yocriss · Answer

Voici le rapport:

############################## | UsbFix 7.038 | [Suppression]

Utilisateur: patou (Administrateur) # MAISON [ ]
Mis à jour le 14/01/2011 par El Desaparecido / C_XX
Lancé à 18:00:20 | 18/01/2011
Site Web: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org

CPU: AMD Athlon(tm) XP 2000+
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 7.0.5730.13

Pare-feu Windows: Activé
Antivirus: avast! Antivirus 5.0.83952505 [(!) Disabled | Updated]
RAM -> 511 Mo 
C:\ (%systemdrive%) -> Disque fixe # 59 Go (14 Go libre(s) - 23%) [] # NTFS
H:\ -> Disque fixe # 54 Go (30 Go libre(s) - 56%) [données] # NTFS
I:\ -> CD-ROM
J:\ -> CD-ROM
K:\ -> CD-ROM
L:\ -> CD-ROM

################## | Éléments infectieux |


Supprimé! C:\WINDOWS\mdll.dll
Supprimé! C:\Recycler\S-1-5-21-299502267-73586283-682003330-1004
Supprimé! H:\Recycler\S-1-5-21-299502267-73586283-682003330-1004
Non supprimé ! J:\autorun.inf
Non supprimé ! J:\autorun.exe

################## | Registre |

Supprimé! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman

################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{403706a6-f07f-11dd-b150-0050702502be}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{602d9fdb-83c4-11de-b27f-0050702502be}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{b21d1d25-0fd4-11dd-aeb9-0050702502be}

################## | Listing |

[11/08/2009 - 01:35:46 | D ] 	C:\ab28485296c232030b704f85
[17/01/2011 - 19:55:54 | N | 25810] 	C:\Ad-Report-CLEAN[1].txt
[17/09/2010 - 17:17:57 | N | 0] 	C:\AILog.txt
[21/04/2008 - 19:30:29 | N | 0] 	C:\AUTOEXEC.BAT
[16/12/2010 - 17:15:56 | D ] 	C:\beezik
[21/04/2008 - 22:26:46 | N | 216] 	C:\boot.ini
[30/08/2002 - 13:00:00 | N | 4952] 	C:\Bootfont.bin
[18/01/2011 - 10:43:56 | D ] 	C:\Config.Msi
[21/04/2008 - 19:30:29 | N | 0] 	C:\CONFIG.SYS
[17/01/2011 - 13:08:54 | D ] 	C:\Documents and Settings
[25/07/2010 - 13:14:04 | D ] 	C:\Données Ciel
[22/04/2008 - 11:13:26 | D ] 	C:\EML
[21/04/2008 - 23:09:05 | D ] 	C:\EPSON
[14/04/2009 - 22:21:55 | D ] 	C:\HSF
[21/04/2008 - 19:30:29 | N | 0] 	C:\IO.SYS
[17/01/2011 - 22:24:01 | D ] 	C:\Microsoft
[21/04/2008 - 19:30:29 | N | 0] 	C:\MSDOS.SYS
[09/10/2009 - 11:49:59 | D ] 	C:\My Music
[21/04/2008 - 22:22:08 | N | 47564] 	C:\NTDETECT.COM
[15/09/2008 - 18:34:17 | N | 252240] 	C:
tldr
[29/02/2004 - 16:44:34 | N | 52576] 	C:\orange.bmp
[15/04/2009 - 01:08:50 | D ] 	C:\OrchestraPDV
[18/01/2011 - 17:54:30 | ASH | 1073741824] 	C:\pagefile.sys
[17/01/2011 - 20:47:18 | D ] 	C:\Program Files
[18/01/2011 - 18:08:08 | SHD ] 	C:\RECYCLER
[08/07/2008 - 20:32:45 | N | 232] 	C:\sqmdata00.sqm
[17/09/2008 - 16:21:19 | N | 268] 	C:\sqmdata01.sqm
[17/09/2008 - 16:21:28 | N | 232] 	C:\sqmdata02.sqm
[18/12/2008 - 20:30:19 | N | 268] 	C:\sqmdata03.sqm
[02/05/2009 - 01:10:54 | N | 232] 	C:\sqmdata04.sqm
[02/05/2009 - 01:13:58 | N | 232] 	C:\sqmdata05.sqm
[08/07/2008 - 20:32:45 | N | 244] 	C:\sqmnoopt00.sqm
[17/09/2008 - 16:21:19 | N | 244] 	C:\sqmnoopt01.sqm
[17/09/2008 - 16:21:28 | N | 244] 	C:\sqmnoopt02.sqm
[18/12/2008 - 20:30:19 | N | 244] 	C:\sqmnoopt03.sqm
[02/05/2009 - 01:10:54 | N | 244] 	C:\sqmnoopt04.sqm
[02/05/2009 - 01:13:58 | N | 244] 	C:\sqmnoopt05.sqm
[01/05/2010 - 10:53:02 | SHD ] 	C:\System Volume Information
[09/09/2010 - 22:26:34 | D ] 	C:	emp
[09/11/2008 - 14:20:04 | D ] 	C:\UbiSoft
[18/01/2011 - 18:08:08 | D ] 	C:\UsbFix
[18/01/2011 - 18:08:17 | A | 2980] 	C:\UsbFix.txt
[18/01/2011 - 18:07:17 | D ] 	C:\WINDOWS
[26/10/2010 - 15:57:41 | D ] 	H:\age of
[22/07/2009 - 20:58:58 | N | 581632] 	H:\APEX_Destructible.dll
[22/07/2009 - 20:58:52 | N | 294912] 	H:\APEX_Emitter.dll
[22/07/2009 - 20:58:58 | N | 167936] 	H:\APEX_Example.dll
[22/07/2009 - 20:58:50 | N | 151552] 	H:\APEX_Explosion.dll
[22/07/2009 - 20:58:50 | N | 176128] 	H:\APEX_ForceField.dll
[22/07/2009 - 20:59:00 | N | 339968] 	H:\APEX_Particles.dll
[22/07/2009 - 20:59:00 | N | 585728] 	H:\APEX_release.dll
[22/07/2009 - 20:58:52 | N | 180224] 	H:\APEX_Wind.dll
[22/08/2009 - 17:38:10 | D ] 	H:\base
[18/02/2009 - 11:47:50 | N | 171520] 	H:\binkw32.dll
[05/08/2009 - 10:55:28 | N | 4292608] 	H:\darkestofdays.exe
[18/01/2011 - 17:53:02 | D ] 	H:\docs
[26/07/2009 - 14:13:38 | N | 671273] 	H:\Manual.pdf
[11/09/2010 - 14:40:16 | D ] 	H:\materiels
[10/11/2008 - 11:11:26 | N | 124192] 	H:\NxCharacter.dll
[10/11/2008 - 11:11:26 | N | 390432] 	H:\NxCooking.dll
[19/09/2009 - 19:12:44 | D ] 	H:\photos
[10/11/2008 - 11:11:26 | N | 70944] 	H:\PhysXLoader.dll
[22/07/2009 - 09:26:48 | N | 7351] 	H:\README.txt
[18/01/2011 - 18:08:08 | SHD ] 	H:\RECYCLER
[08/06/2009 - 11:13:18 | N | 321536] 	H:\SDL.dll
[01/05/2010 - 10:53:02 | SHD ] 	H:\System Volume Information
[23/04/2008 - 13:50:58 | D ] 	H:	emp
[13/03/2008 - 02:03:05 | RD ] 	J:\AutoRun
[13/03/2008 - 02:10:26 | R | 703552] 	J:\AutoRun.exe
[13/03/2008 - 02:10:26 | R | 670784] 	J:\AutoRunGUI.dll
[13/03/2008 - 02:03:07 | RD ] 	J:\Base
[13/03/2008 - 02:02:58 | RD ] 	J:\DirectX
[13/03/2008 - 02:03:07 | RD ] 	J:\EP2
[13/03/2008 - 02:09:30 | RD ] 	J:\SP4
[13/03/2008 - 00:01:02 | R | 10134] 	J:\Sims2DoubleDeluxe.ico
[13/03/2008 - 02:10:27 | R | 293952] 	J:\Sims2DoubleDeluxe_uninst.exe
[13/03/2008 - 02:09:30 | RD ] 	J:\Support
[13/03/2008 - 02:09:30 | RD ] 	J:\VP6
[13/03/2008 - 02:10:07 | R | 164] 	J:\autorun.inf
[13/03/2008 - 02:10:08 | R | 130934] 	J:\common_filelist.txt
[13/03/2008 - 02:09:58 | R | 57867761] 	J:\compressed.zip
[13/03/2008 - 02:10:27 | R | 359488] 	J:\eauninstall.exe
[13/03/2008 - 00:01:02 | R | 10134] 	J:\eauninstall.ico

################## | Vaccin |

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
J:\Autorun.inf -> Dossier créé par Panda USB Vaccine

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_MAISON.zip
http://www.teamxscript.org/Upload.php
Merci de votre contribution.

################## | E.O.F |

jfkpresident · Answer

Télécharge OTM de OldTimer sur ton Bureau en cliquant sur ce lien :

http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/

Double-clique sur OTMoveIt3.exe pour le lancer.

Copie la liste qui se trouve en gras ci-dessous,

et colle-la dans le cadre de gauche de OTMoveIt : "Paste instructions for item to be moved".


:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{84FF7BD6-B47F-46F8-9130-01B2696B36CB}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-HKEY_CLASSES_ROOT\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMBooster"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Iminent.Notifier"=-


:files
C:\Program Files\Iminent
C:\Program Files\IMinent Toolbar
C:\Program Files\Iminent\SearchTheWeb
C:\Program Files\vghd       
C:\Documents and Settings\patou\Application Data\vghd       
C:\WINDOWS\system32\AdobeR.exe 
:services

:commands
[emptytemp]
[start explorer]
[reboot]



Clique sur "MoveIt!" pour lancer la suppression.

Le résultat apparaitra dans le cadre "Results".

Clique sur "Exit" pour fermer.

Poste le rapport situé dans C:\_OTMoveIt\MovedFiles sous le nom xxxxxx_xxxxxxxxxx.log .

Il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

yocriss · Answer

Le rapport a pour nom: 

01182011_191648.log

Et voici le rapport:

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IMBooster deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Iminent.Notifier deleted successfully.
========== FILES ==========
C:\Program Files\Iminent\SearchTheWeb\inst folder moved successfully.
C:\Program Files\Iminent\SearchTheWeb folder moved successfully.
C:\Program Files\Iminent\MMServer folder moved successfully.
C:\Program Files\Iminent\IMBooster4Web\webbooster@iminent.com\defaults\preferences folder moved successfully.
C:\Program Files\Iminent\IMBooster4Web\webbooster@iminent.com\defaults folder moved successfully.
C:\Program Files\Iminent\IMBooster4Web\webbooster@iminent.com\components folder moved successfully.
C:\Program Files\Iminent\IMBooster4Web\webbooster@iminent.com\chrome\content folder moved successfully.
C:\Program Files\Iminent\IMBooster4Web\webbooster@iminent.com\chrome folder moved successfully.
C:\Program Files\Iminent\IMBooster4Web\webbooster@iminent.com folder moved successfully.
C:\Program Files\Iminent\IMBooster4Web folder moved successfully.
C:\Program Files\Iminent\IMBoostero folder moved successfully.
C:\Program Files\Iminent\IMBooster\pt folder moved successfully.
C:\Program Files\Iminent\IMBooster\it folder moved successfully.
C:\Program Files\Iminent\IMBooster\inst\Bootstrapper folder moved successfully.
C:\Program Files\Iminent\IMBooster\inst folder moved successfully.
C:\Program Files\Iminent\IMBooster\fr folder moved successfully.
C:\Program Files\Iminent\IMBooster\es folder moved successfully.
C:\Program Files\Iminent\IMBooster\en folder moved successfully.
C:\Program Files\Iminent\IMBooster\de folder moved successfully.
C:\Program Files\Iminent\IMBooster folder moved successfully.
C:\Program Files\Iminent folder moved successfully.
C:\Program Files\IMinent Toolbar folder moved successfully.
File/Folder C:\Program Files\Iminent\SearchTheWeb not found.
C:\Program Files\vghd folder moved successfully.
C:\Documents and Settings\patou\Application Data\vghd\Data\skins\VirtuaGirlHD\classic skin folder moved successfully.
C:\Documents and Settings\patou\Application Data\vghd\Data\skins\VirtuaGirlHD folder moved successfully.
C:\Documents and Settings\patou\Application Data\vghd\Data\skins folder moved successfully.
C:\Documents and Settings\patou\Application Data\vghd\Data folder moved successfully.
C:\Documents and Settings\patou\Application Data\vghd folder moved successfully.
File/Folder C:\WINDOWS\system32\AdobeR.exe not found.
========== SERVICES/DRIVERS ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrateur
->Temporary Internet Files folder emptied: 205413 bytes
->Flash cache emptied: 41 bytes
 
User: Administrateur.MAISON
->Temp folder emptied: 314 bytes
->Temporary Internet Files folder emptied: 332521 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 41 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 13842229 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 71637659 bytes
 
User: patou
->Temp folder emptied: 2624987321 bytes
->Temporary Internet Files folder emptied: 15046468 bytes
->Java cache emptied: 22667585 bytes
->FireFox cache emptied: 77075013 bytes
->Google Chrome cache emptied: 557424 bytes
->Apple Safari cache emptied: 5481472 bytes
->Opera cache emptied: 3155298310 bytes
->Flash cache emptied: 1270760 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1581715 bytes
%systemroot%\System32 .tmp files removed: 4939776 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 108099395 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23955524 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 5 843,00 mb
 
 
OTM by OldTimer - Version 3.1.17.2 log created on 01182011_191648

Files moved on Reboot...
File C:\WINDOWS	emp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...

jfkpresident · Answer

Tu utilises Avast ou Norton comme antivirus ?

yocriss · Answer

J'utilise avast.

jfkpresident · Answer

Supprimes les traces de Norton avec cet outil :  http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

Dis moi si tu as toujours les pubs et blocages ?

yocriss · Answer

C'est bon, j'ai supprimé les composants résiduels de norton grâce à ton lien. 
De plus, plus aucune publicité n'apparait sur mon ordinateur.
Reste t'il des procédures à effectuer?

jfkpresident · Answer

Je te donne la fin ce soir .

jfkpresident · Answer

Déconnecte toi d'Internet et ferme toutes les applications ouvertes.

1/Double Clique sur l'icone ZhpFix .

2/ZhpFix va s'ouvrir ,clique sur "importer un rapport ZhpDiag" puis "ok" .

3/Laisse travailler l'outil.

4/Coche ces cases (et pas d'autres !):

M1 - SPR:Search Page Redirection - C:\Program Files\Mozilla FireFox\extensions\webbooster@iminent.com       
R3 - URLSearchHook: Iminent.BHO.NavigationError - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} . (.Iminent - IminentNavigationBHO.) (3.27.3) -- C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll       
[HKCU\Software\Totem]       
O51 - MPSK:{b21d1d25-0fd4-11dd-aeb9-0050702502be}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\AdobeR.exe (.not file.)       
O4 - HKCU\..\Run: [ares] C:\Program Files\Ares\Ares.exe (.not file.)       
O4 - HKUS\S-1-5-21-299502267-73586283-682003330-1004\..\Run: [ares] C:\Program Files\Ares\Ares.exe (.not file.)       
O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- IMBoosterARP  
O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- {15AF6E9C-9169-4A9E-A738-FD28D898091D}  
O42 - Logiciel: SearchTheWeb - (.Iminent.) [HKLM] -- SearchTheWebARP  
O42 - Logiciel: SearchTheWeb - (.Iminent.) [HKLM] -- {1FC253E3-EFB3-44CA-9B37-A2A35612134D}  
[HKCU\Software\Iminent]  
[HKLM\Software\Boonty]  
[HKLM\Software\BrowserChoice]    
[HKLM\Software\Iminent]  
O43 - CFD: 21/02/2009 - 15:18:00 ----D- C:\Program Files\BoontyGames  
O43 - CFD: 07/12/2010 - 11:50:36 ----D- C:\Program Files\Iminent  
O43 - CFD: 08/11/2008 - 16:14:46 ----D- C:\Program Files\Fichiers Communs\BOONTY Shared       
O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\ImApp.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) --      

O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\IncMail.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) --    

O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\ImpCnt.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) --    

O51 - MPSK:{b21d1d25-0fd4-11dd-aeb9-0050702502be}\Shell\auto\command - Clé orpheline   
    
5/Pour finir clique sur "Nettoyer" .


6/colle le rapport obtenu .

Utilises tu les barres d'outils Softonic et Conduit ?

yocriss · Answer

Elles sont sur mon ordi mais je ne les utilise pas.

jfkpresident · Answer

Ok,on va donc les supprimer mais d'abord colle moi le premier rapport de ZhpFix .

yocriss · Answer

Après de laborieuses recherches, voici le rapport:

Rapport de ZHPFix 1.12.3237 par Nicolas Coolman, Update du 12/01/2011
Fichier d'export Registre : C:\ZHPExportRegistry-19-01-2011-19-29-30.txt
Run by patou at 19/01/2011 19:29:30
Windows XP Home Edition Service Pack 3 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr

========== Clé(s) du Registre ==========
O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- IMBoosterARP  => Clé supprimée avec succès
O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- {15AF6E9C-9169-4A9E-A738-FD28D898091D}  => Clé supprimée avec succès
O42 - Logiciel: SearchTheWeb - (.Iminent.) [HKLM] -- SearchTheWebARP  => Clé supprimée avec succès
O42 - Logiciel: SearchTheWeb - (.Iminent.) [HKLM] -- {1FC253E3-EFB3-44CA-9B37-A2A35612134D}  => Clé supprimée avec succès
HKCU\Software\Iminent  => Clé supprimée avec succès
HKCU\Software\Totem  => Clé supprimée avec succès
HKLM\Software\Boonty  => Clé supprimée avec succès
HKLM\Software\BrowserChoice  => Clé supprimée avec succès
HKLM\Software\Iminent  => Clé supprimée avec succès
O51 - MPSK:{b21d1d25-0fd4-11dd-aeb9-0050702502be}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\AdobeR.exe (.not file.)  => Clé absente
O51 - MPSK:{b21d1d25-0fd4-11dd-aeb9-0050702502be}\Shell\auto\command - Clé orpheline  => Clé absente

========== Valeur(s) du Registre ==========
R3 - URLSearchHook: Iminent.BHO.NavigationError - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} . (.Iminent - IminentNavigationBHO.) (3.27.3) -- C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll  => Valeur supprimée avec succès
O4 - HKCU\..\Run: [ares] C:\Program Files\Ares\Ares.exe (.not file.)  => Valeur supprimée avec succès
O4 - HKUS\S-1-5-21-299502267-73586283-682003330-1004\..\Run: [ares] C:\Program Files\Ares\Ares.exe (.not file.)  => Valeur absente
O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\ImApp.exe" [Enabled] .(.) (.not file.) --  => Valeur supprimée avec succès
O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\IncMail.exe" [Enabled] .(.) (.not file.) --  => Valeur supprimée avec succès
O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\ImpCnt.exe" [Enabled] .(.) (.not file.) --  => Valeur supprimée avec succès

========== Dossier(s) ==========
C:\Program Files\BoontyGames  => Supprimé et mis en quarantaine
C:\Program Files\Iminent  => Dossier absent
C:\Program Files\Fichiers Communs\BOONTY Shared  => Supprimé et mis en quarantaine

========== Fichier(s) ==========
c:\program files\mozilla firefox\extensions\webbooster@iminent.com  => Supprimé et mis en quarantaine
c:\program files\iminent\searchtheweb\iminent.bho.navigationerror.dll  => Fichier absent
c:\program files\ares\ares.exe  => Fichier absent


========== Récapitulatif ==========
11 : Clé(s) du Registre
6 : Valeur(s) du Registre
3 : Dossier(s)
3 : Fichier(s)


End of the scan

jfkpresident · Answer

tres bien ,maintenant on va virer les barre d'outils superflues :

Déconnecte toi d'Internet et ferme toutes les applications ouvertes.

1/Double Clique sur l'icone ZhpFix .

2/ZhpFix va s'ouvrir ,clique sur "importer un rapport ZhpDiag" puis "ok" .

3/Laisse travailler l'outil.

4/Coche ces cases (et pas d'autres !):

R3 - URLSearchHook: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} . (.Conduit Ltd. - Conduit Toolbar.) (5, 7, 3, 1) -- C:\Program Files\PHPNukeFR	bPHP1.dll     
R3 - URLSearchHook: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.2.4) -- C:\Program Files\Softonic_France	bSoft.dll      
O2 - BHO: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\PHPNukeFR	bPHP1.dll       
O2 - BHO: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Softonic_France	bSoft.dll       
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} . (.Pas de propriétaire - ToolBand Module.) -- C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll  
O3 - Toolbar: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\PHPNukeFR	bPHP1.dll       
O3 - Toolbar: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Softonic_France	bSoft.dll      
O42 - Logiciel: DAEMON Tools Toolbar - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Toolbar      
O42 - Logiciel: PHPNukeFR Toolbar - (.PHPNukeFR.) [HKLM] -- PHPNukeFR Toolbar  
O42 - Logiciel: Softonic_France Toolbar - (.Softonic_France.) [HKLM] -- Softonic_France Toolbar      
[HKCU\Software\PHPNukeFR]  
[HKCU\Software\TBSB01620]      
[HKLM\Software\PHPNukeFR]  
O43 - CFD: 16/12/2010 - 09:45:26 ----D- C:\Program Files\DAEMON Tools Toolbar      
O43 - CFD: 08/10/2010 - 11:56:32 ----D- C:\Program Files\PHPNukeFR  
O42 - Logiciel: DAEMON Tools Toolbar - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Toolbar       

5/Pour finir clique sur "Nettoyer" .


6/colle le rapport obtenu .

yocriss · Answer

Travaille moins laborieux que la tache précedante, presque déçu, par contre, 

O42 - Logiciel: DAEMON Tools Toolbar - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Toolbar

tu l'a mis deux fois, c'est juste une erreur de frappe?

Le rapport:

Rapport de ZHPFix 1.12.3237 par Nicolas Coolman, Update du 12/01/2011
Fichier d'export Registre : C:\ZHPExportRegistry-19-01-2011-20-06-05.txt
Run by patou at 19/01/2011 20:06:05
Windows XP Home Edition Service Pack 3 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr

========== Clé(s) du Registre ==========
O42 - Logiciel: DAEMON Tools Toolbar - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Toolbar  => Désinstallation logicielle annulée par l'utilisateur ou désinstallation partielle!
O42 - Logiciel: Softonic_France Toolbar - (.Softonic_France.) [HKLM] -- Softonic_France Toolbar  => Désinstallation logicielle annulée par l'utilisateur ou désinstallation partielle!
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}]  => Clé supprimée avec succès
[HKCR\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}]  => Clé supprimée avec succès
O2 - BHO: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\PHPNukeFR	bPHP1.dll  => Clé absente
O2 - BHO: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Softonic_France	bSoft.dll  => Clé supprimée avec succès
HKCU\Software\PHPNukeFR  => Clé absente
HKCU\Software\TBSB01620  => Clé supprimée avec succès
HKLM\Software\PHPNukeFR  => Clé absente

========== Valeur(s) du Registre ==========
R3 - URLSearchHook: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} . (.Conduit Ltd. - Conduit Toolbar.) (5, 7, 3, 1) -- C:\Program Files\PHPNukeFR	bPHP1.dll  => Valeur absente
R3 - URLSearchHook: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.2.4) -- C:\Program Files\Softonic_France	bSoft.dll  => Valeur supprimée avec succès
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} . (.Pas de propriétaire - ToolBand Module.) -- C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll  => Valeur absente
O3 - Toolbar: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\PHPNukeFR	bPHP1.dll  => Valeur absente
O3 - Toolbar: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Softonic_France	bSoft.dll  => Valeur supprimée avec succès

========== Dossier(s) ==========
C:\Program Files\DAEMON Tools Toolbar  => Supprimé et mis en quarantaine
C:\Program Files\PHPNukeFR  => Supprimé et mis en quarantaine

========== Fichier(s) ==========
c:\program files\phpnukefr	bphp1.dll  => Supprimé et mis en quarantaine
c:\program files\softonic_france	bsoft.dll  => Supprimé et mis en quarantaine
c:\program files\daemon tools toolbar\dttoolbar.dll  => Fichier absent

========== Logiciel(s) ==========
O42 - Logiciel: PHPNukeFR Toolbar - (.PHPNukeFR.) [HKLM] -- PHPNukeFR Toolbar  => Logiciel supprimé avec succès


========== Récapitulatif ==========
9 : Clé(s) du Registre
5 : Valeur(s) du Registre
2 : Dossier(s)
3 : Fichier(s)
1 : Logiciel(s)


End of the scan

jfkpresident · Answer

tu l'a mis deux fois, c'est juste une erreur de frappe? 

Oui :)

==*Nettoyage des outils*==

Pour Xp : Double clique sur l'icône ZHPFix.exe sur ton Bureau.

Pour Vista : Clique droit sur l'icône ZHPFix.exe sur ton Bureau,
puis sélectionne 'Exécuter en tant qu'administrateur'.

Relance ZHPFix sur ton Bureau.

Clique sur le A rouge (Nettoyeur de Tools).

Clique sur Nettoyer.

Fais redémarrer l'ordi pour terminer le nettoyage. 

============

Maintenant que ton PC n'est plus infecté, désactive ta "Restauration du système" puis réactive la afin de créer un point de restauration sain. 

* Désactivation : 
Cliquer droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > cocher la case "Désactiver la Restauration du système sur tous les lecteurs" 
> Appliquer patiente jusqu a que cela soit marqué "désactivée" puis Ok. 

* Activation : 
Suivre le même chemin ; décocher la case "Désactiver la Restauration du système sur tous les lecteurs" 
> Appliquer attends que cela soit a nouveau sur "surveillance" puis Ok. Redémarrer l'ordinateur.. 

============

Installe Ccleaner si tu ne le possedes pas :

Nettoyeurs (de fichiers inutiles) et autres :

*Ccleaner (gratuit)
Téléchargement :
https://www.01net.com/
Tuto :
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

Lors de l'installation, [décoche] l'option qui t'installerait Google chrome !

============

Je te conseille de lire ce qui suit (notamment les téléchargements P2P !) :

danger du P2P et des cracks

également un exemple concret ici ou l'internaute ne pouvait plus rien faire de sa machine ...

Les toolbars ,c'est pas obligatoire

En te souhaitant bonne continuation sur la toile .

Je passe en "résolu" .

Pubs intempestives et bloquages

24 réponses

Discussions similaires