Reports from AD-R and Malwarebytes'

Solved/Closed
alainbrest | Posts: 575 | Registered: Thursday 18 October 2007 | Status: Member | Last active: 18 July 2015 - 15 Feb. 2011 at 12:57
alainbrest | Posts: 575 | Registered: Thursday 18 October 2007 | Status: Member | Last active: 18 July 2015 - 15 Feb. 2011 at 15:50
Hello,

I would like to send you the latest Malwarebytes' and Ad-Remover reports so that you can analyze them for me.

Is that possible?

Do you know of one or more sites, or one or more programs, that do this?

I don't want to bother you, but I would appreciate your help.


5 replies

Go ahead and post them, we'll analyze them.
0
Xplode | Posts: 8820 | Registered: Friday 21 August 2009 | Status: Security contributor | Last active: 2 July 2015 | 726
15 Feb. 2011 at 13:01
Hello,

Why did you run Ad-Remover and Malwarebytes'? Are you having problems with your PC?

Post the reports here, we'll analyze them ;-)
0
alainbrest | Posts: 575 | Registered: Thursday 18 October 2007 | Status: Member | Last active: 18 July 2015 | 10
15 Feb. 2011 at 13:19
======= RAPPORT D'AD-REMOVER 2.0.0.2,E | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 08/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [3]) -> Lancé à 12:07:01 le 15/02/2011, Mode sans echec

Microsoft Windows 7 Édition Familiale Premium (X64)
francois@FRANCOIS-TOSH (TOSHIBA Satellite C660)

============== RECHERCHE ==============

Service: "Fun4IM Coordinator" Présent

Fichier trouvé: C:\Program Files (x86)\Mozilla FireFox\searchplugins\SearchquWebSearch.xml
Dossier trouvé: C:\Program Files (x86)\Windows Searchqu Toolbar
Dossier trouvé: C:\Users\francois\AppData\Roaming\Mozilla\FireFox\Profiles\9y2ny7eh.default\extensions\firefox@bandoo.com
Dossier trouvé: C:\Users\francois\AppData\Roaming\Mozilla\FireFox\Profiles\9y2ny7eh.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}
Dossier trouvé: C:\Users\francois\AppData\Roaming\Mozilla\FireFox\Profiles\9y2ny7eh.default\searchqutb
Fichier trouvé: C:\Users\francois\AppData\Roaming\Mozilla\FireFox\Profiles\9y2ny7eh.default\searchplugins\SearchquWebSearch.xml
Dossier trouvé: C:\Users\francois\AppData\Roaming\Bandoo
Dossier trouvé: C:\ProgramData\Bandoo
Dossier trouvé: C:\ProgramData\Fun4IM
Dossier trouvé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fun4IM
Dossier trouvé: C:\Program Files (x86)\Fun4IM
Dossier trouvé: C:\Users\francois\AppData\LocalLow\SearchquTB
Dossier trouvé: C:\Users\francois\AppData\Local\Conduit
Dossier trouvé: C:\Users\francois\AppData\LocalLow\Conduit
Dossier trouvé: C:\Program Files (x86)\Conduit
Dossier trouvé: C:\Users\francois\AppData\LocalLow\ConduitEngine
Dossier trouvé: C:\Program Files (x86)\ConduitEngine
Dossier trouvé: C:\Users\francois\AppData\Roaming\EoRezo

-- Fichier ouvert: C:\Users\francois\AppData\Roaming\Mozilla\FireFox\Profiles\9y2ny7eh.default\Prefs.js --
Ligne trouvée: user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Ligne trouvée: user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250...
Ligne trouvée: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr...
Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
Ligne trouvée: user_pref("keyword.URL", "hxxp://www.searchqu.com/web?src=ffb&systemid=403&q=");
-- Fichier Fermé --



Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|HWSetup
Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eoengine
Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eoweather
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{7FF99715-3016-4381-84CE-E4E4C9673020}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.13 (fr)] ****

Plugins\npwachk.dll (Nullsoft, Inc.)
HKLM_MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0 (x)
HKLM_MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0 (x)
Searchplugins\SearchquWebSearch.xml ( hxxp://www.searchqu.com/web?src=ffb&systemid=403&q={searchTerms}/)
Extensions\{4eef14a8-52fc-7cb7-df21-7d4df2afbdf5} (z)
HKLM_Extensions|smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
HKLM_Extensions|{B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor
HKLM_Extensions|{23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
HKLM_Extensions|{6904342A-8307-11DF-A508-4AE2DFD72085} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
HKCU_Extensions|smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
HKCU_Extensions|firefox@bandoo.com - C:\Users\francois\AppData\Roaming\Mozilla\Firefox\Profiles/9y2ny7eh.default\extensions\firefox@bandoo.com

-- C:\Users\francois\AppData\Roaming\Mozilla\FireFox\Profiles\9y2ny7eh.default --
Extensions\amznUWL2@amazon.com (Add to Amazon Wish List Button)
Extensions\chintzee@chintzee.com (Chintzee Amazon Price Tracker)
Extensions\DTToolbar@toolbarnet.com (DAEMON Tools Toolbar)
Extensions\firefox@bandoo.com (Fun4IM for Firefox)
Extensions\sidecar@amazon.com (AmazonAssist)
Extensions\toolbar-amazon@alexa.com (Amazon Toolbar)
Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} (Winamp Toolbar)
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Extensions\{7FF99715-3016-4381-84CE-E4E4C9673020} (Searchqu Toolbar)
Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} (Vuze Remote Toolbar)
Searchplugins\absearch-search.xml (hxxp://www.astroburn-search.com/search/web?q={searchTerms}/)
Searchplugins\daemon-search.xml (hxxp://www.daemon-search.com/search/web?q={searchTerms}/)
Searchplugins\SearchquWebSearch.xml ( hxxp://www.searchqu.com/web?src=ffb&systemid=403&q={searchTerms}/)
Searchplugins\winamp-search.xml (?)
Prefs.js - browser.download.dir, C:\\Users\\francois\\Downloads
Prefs.js - browser.search.defaultenginename, Web Search
Prefs.js - browser.search.selectedEngine, Web Search
Prefs.js - browser.startup.homepage, hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13
Prefs.js - keyword.URL, hxxp://www.searchqu.com/web?src=ffb&systemid=403&q=

========================================

**** Internet Explorer Version [8.0.7600.16385] ****

HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU_Main|Start Page - hxxp://www.searchqu.com/403
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_URLSearchHooks|{ba14329e-9550-4989-b3f2-9732e92d17cc} - "Vuze Remote Toolbar" (C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll)
HKCU_SearchScopes\{49B6B973-3F04-4F86-A901-FFCBB5E24323} - "?" (?)
HKCU_SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26} - "Astroburn Search" (hxxp://www.astroburn-search.com/search/web?q={searchTerms})
HKCU_SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7403} - "Web Search" (hxxp://www.searchqu.com/web?src=ieb&systemid=403&q={searchTerms})
HKCU_SearchScopes\{9DBAE321-D4F0-460F-A34E-6DACB1305E17} - "?" (?)
HKCU_SearchScopes\{A38A0E9D-81EF-40B7-8FC0-7C77C2EF7D22} - "eBay" (hxxp://rover.ebay.com/rover/1/709-44555-9400-8/4?satitle={searchTerms})
HKCU_SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} - "DAEMON Search" (hxxp://www.daemon-search.com/search/web?q={searchTerms})
HKLM_SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7403} - "Web Search" (hxxp://www.searchqu.com/web?src=ieb&systemid=403&q={searchTerms})
HKCU_Toolbar\WebBrowser|{BA14329E-9550-4989-B3F2-9732E92D17CC} (C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll)
HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll)
HKLM_Toolbar|{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} (c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll)
HKLM_Toolbar|{ba14329e-9550-4989-b3f2-9732e92d17cc} (C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll)
HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll)
HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll)
HKLM_Toolbar|{7FF99715-3016-4381-84CE-E4E4C9673020} (C:\PROGRA~2\WIA6EB~1\ToolBar\SearchquDx.dll)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{28A36D69-07EA-44CE-B298-1A8B3E8B6FE1} - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
HKLM_ElevationPolicy\{34014F33-E625-48B6-B314-101DDBCF160C} - C:\Users\francois\AppData\Local\Conduit\CT2504091\Vuze_RemoteAutoUpdateHelper.exe (?)
HKLM_ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC} - C:\Program Files (x86)\Fun4IM\BndCore.exe (Bandoo Media Inc.)
HKLM_ElevationPolicy\{588BDA8F-BFA5-4A34-B2A3-27DD6D35F559} - C:\Program Files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?)
HKLM_ElevationPolicy\{5E66076F-E254-4FEA-AA66-BD36242E3055} - C:\Program Files (x86)\ConduitEngine\ConduitEngineHelper.exe (?)
HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
HKLM_ElevationPolicy\{64903E32-AE0B-408D-909C-09A08791F28D} - C:\Program Files (x86)\DivX\DivX Plus Web Player\dwpBroker.exe (DivX, LLC)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{71274DC5-D6B8-4B74-BBCF-04D76E30772B} - C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)
HKLM_ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12} - C:\Program Files (x86)\Fun4IM\ExtensionsManager.exe (Bandoo Media Inc.)
HKLM_ElevationPolicy\{7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~2\WIA6EB~1\ToolBar\uninstall.exe (Discordia Ltd.)
HKLM_ElevationPolicy\{88B89B96-F7B2-469D-8F22-5F3BE33DEDDE} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe (Skype Technologies S.A.)
HKLM_ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} - C:\Program Files (x86)\Fun4IM\Bandoo.exe (Bandoo Media Inc.)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
HKLM_ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC5F} - c:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
HKLM_ElevationPolicy\{EE0DF950-5C7F-4261-8CFA-AE01D71FD9BD} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\SetupUtility.exe (<TOSHIBA>)
HKLM_ElevationPolicy\{F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\MTSProc.exe (<TOSHIBA>)
HKLM_ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080} - C:\Program Files (x86)\Fun4IM\BandooUI.exe (Bandoo Media Inc.)
HKLM_Extensions\{686C970F-1D7D-4469-85D1-4B35763B56CC} - "50 FREE MP3s!" (C:\Program Files (x86)\Winamp\eMusic\roundtarget.ico)
HKLM_Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - "Skype add-on for Internet Explorer" (C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\icon.ico)
BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine" (C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll)
BHO\{326E768D-4182-46FD-9C16-1449A49795F4} - "DivX Plus Web Player HTML5 <video>" (C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll)
BHO\{593DDEC6-7468-4cdd-90E1-42DADAA222E9} - "DivX HiQ" (C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll)
BHO\{7FF99715-3016-4381-84CE-E4E4C9673020} - "Searchqu Toolbar" (C:\PROGRA~2\WIA6EB~1\ToolBar\SearchquDx.dll)
BHO\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "Skype add-on for Internet Explorer" (C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll)
BHO\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} - "McAfee SiteAdvisor BHO" (c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll)
BHO\{ba14329e-9550-4989-b3f2-9732e92d17cc} - "Vuze Remote Toolbar" (C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll)
BHO\{d7a02273-89b3-6f71-0014-47fb3140db5e} - "qualityads" (C:\Windows\SysWow64\3b091b72.dll)
BHO\{EB5CEE80-030A-4ED8-8E20-454E9C68380F} - "BandooIEPlugin Class" (C:\Program Files (x86)\Fun4IM\Plugins\IE\ieplugin.dll)
BHO\{F3C88694-EFFA-4d78-B409-54B7B2535B14} - "TOSHIBA Media Controller Plug-in" (C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll)

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 3 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 12/02/2011 (19830 Octet(s))
C:\Ad-Report-SCAN[2].txt - 15/02/2011 (20223 Octet(s))
C:\Ad-Report-SCAN[3].txt - 15/02/2011 (0 Octet(s))

Fin à: 12:07:55, 15/02/2011

============== E.O.F ==============
0
alainbrest | Posts: 575 | Registered: Thursday 18 October 2007 | Status: Member | Last active: 18 July 2015 | 10
15 Feb. 2011 at 13:20
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5767

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

15/02/2011 12:39:29
mbam-log-2011-02-15 (12-39-19).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 296537
Temps écoulé: 25 minute(s), 42 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 118

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Backdoor.Bot) -> Value: conhost -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Backdoor.Bot) -> Value: conhost -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Users\francois\AppData\Roaming\microsoft\conhost.exe (Backdoor.Bot) -> No action taken.
c:\Users\francois\AppData\Local\Temp\ns2.exe (Backdoor.Bot) -> No action taken.
c:\Users\francois\downloads\eMule\Incoming\accord cd ripper express free 6.5.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Users\francois\downloads\eMule\Incoming\free cd to wav mp3 wma amr ac3 aac ripper 3.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Users\francois\downloads\eMule\Incoming\free download decdvd dvd to appletv ripper 2.0.1.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Users\francois\downloads\eMule\Incoming\spesoft free cd ripper.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\c piano n 01-2.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\cd dvd management software 0.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\coco jamboo (extended version).exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\darkening my dreams.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\deadmau5 - not exactly.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\deep house part 1 cd2.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\desaparecidos vs.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\devuelveme la vida(antonio orozco).exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\die ultimative chartshow (die erfolgreichsten piano-hits aller zeiten) - cd 2.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\distress your bowel.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\dj networx vol 24 cd2.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\dreaming city.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\dryn-dryn.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\e20-501 - commercial storage & info infrastructure exam for tech archs 2.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\finlandia op. 26 no.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\Flairck.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\flint hill special - earl scruggs.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\funky lobby.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\gabry ponte feat.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\glory to the kings.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\handgun and cocaine.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\hast du heute schon gelacht.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\i changed my mind (remix).exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\in a sunburned country (cd 4).exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\jay eichler - the voices (beatbreaker rockin fckin remix).exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\just stand back.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\kill the popscene.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\lect.14 the atlantic slave tradethe impact.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\Leeward.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\lesson12-dialogue1.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\life for rent (dido).exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\limikolen.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\little tiny hairs.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\luminous - make it happen.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\March.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\maths helper.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\meanest lover - nitty gritty.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\no. 1 in c major- adagio.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\partion 3 in a-moll - bwv 827 - burlesca.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\playmates.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\pumpe duse.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\refreshbar 1.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\Rosey.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\sway and king tech-wake up show freestyles vol. 8.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\tip your hat to whitey (mars).exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\torn to pieces (depression).exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\who medgar evers was....exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\incoming\within you without you (alan lorber orchestra).exe (Spyware.Passwords.XGen) -> No action taken.
alainbrest Posts 575 Registration date Thursday 18 October 2007 Status Member Last activity 18 July 2015 10
15 Feb. 2011 at 13:21
Here are my two reports. Thanks for your help ...
Blocked profile
15 Feb. 2011 at 13:21
For AD-Remover, restart it and run 'Nettoyer' (Clean).
And for Malwarebytes' Anti-Malware, run another scan and delete everything you found.
Anonymous user
15 Feb. 2011 at 15:32
Hi

Following :)
alainbrest Posts 575 Registration date Thursday 18 October 2007 Status Member Last activity 18 July 2015 10
15 Feb. 2011 at 15:50
Here are my latest Malwarebytes' and Ad-R reports.
By the way, I was disappointed by Ad-R: it asked me for permission to shut down the PC to continue its work, and after 2×15 min (I did it twice, hence the 2×) it still had not shut the PC down. The PC was still on the blue shutdown screen with the little spinner turning and never stopping.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5767

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15/02/2011 15:30:08
mbam-log-2011-02-15 (15-30-08).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 298511
Temps écoulé: 40 minute(s), 4 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


======= RAPPORT D'AD-REMOVER 2.0.0.2,E | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 08/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [4]) -> Lancé à 15:31:57 le 15/02/2011, Mode normal

Microsoft Windows 7 Édition Familiale Premium (X64)
francois@FRANCOIS-TOSH (TOSHIBA Satellite C660)

============== RECHERCHE ==============



-- Fichier ouvert: C:\Users\francois\AppData\Roaming\Mozilla\FireFox\Profiles\9y2ny7eh.default\Prefs.js --
Ligne trouvée: user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Ligne trouvée: user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250...
Ligne trouvée: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr...
Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
Ligne trouvée: user_pref("keyword.URL", "hxxp://www.searchqu.com/web?src=ffb&systemid=403&q=");
-- Fichier Fermé --




============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.13 (fr)] ****

Plugins\npwachk.dll (Nullsoft, Inc.)
HKLM_MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0 (x)
HKLM_MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0 (x)
Extensions\{4eef14a8-52fc-7cb7-df21-7d4df2afbdf5} (z)
HKLM_Extensions|smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
HKLM_Extensions|{B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor
HKLM_Extensions|{23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
HKLM_Extensions|{6904342A-8307-11DF-A508-4AE2DFD72085} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
HKCU_Extensions|smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
HKCU_Extensions|firefox@bandoo.com - C:\Users\francois\AppData\Roaming\Mozilla\Firefox\Profiles/9y2ny7eh.default\extensions\firefox@bandoo.com (x)

-- C:\Users\francois\AppData\Roaming\Mozilla\FireFox\Profiles\9y2ny7eh.default --
Extensions\amznUWL2@amazon.com (Add to Amazon Wish List Button)
Extensions\chintzee@chintzee.com (Chintzee Amazon Price Tracker)
Extensions\DTToolbar@toolbarnet.com (DAEMON Tools Toolbar)
Extensions\sidecar@amazon.com (AmazonAssist)
Extensions\toolbar-amazon@alexa.com (Amazon Toolbar)
Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} (Winamp Toolbar)
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} (Vuze Remote Toolbar)
Searchplugins\absearch-search.xml (hxxp://www.astroburn-search.com/search/web?q={searchTerms}/)
Searchplugins\daemon-search.xml (hxxp://www.daemon-search.com/search/web?q={searchTerms}/)
Searchplugins\winamp-search.xml (?)
Prefs.js - browser.download.dir, C:\\Users\\francois\\Downloads
Prefs.js - browser.search.defaultenginename, Web Search
Prefs.js - browser.search.selectedEngine, Web Search
Prefs.js - browser.startup.homepage, hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13
Prefs.js - keyword.URL, hxxp://www.searchqu.com/web?src=ffb&systemid=403&q=

========================================

**** Internet Explorer Version [8.0.7600.16385] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKLM_URLSearchHooks|{ba14329e-9550-4989-b3f2-9732e92d17cc} - "Vuze Remote Toolbar" (C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll)
HKCU_SearchScopes\{49B6B973-3F04-4F86-A901-FFCBB5E24323} - "?" (?)
HKCU_SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26} - "Astroburn Search" (hxxp://www.astroburn-search.com/search/web?q={searchTerms})
HKCU_SearchScopes\{9DBAE321-D4F0-460F-A34E-6DACB1305E17} - "?" (?)
HKCU_SearchScopes\{A38A0E9D-81EF-40B7-8FC0-7C77C2EF7D22} - "eBay" (hxxp://rover.ebay.com/rover/1/709-44555-9400-8/4?satitle={searchTerms})
HKCU_SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} - "DAEMON Search" (hxxp://www.daemon-search.com/search/web?q={searchTerms})
HKCU_Toolbar\WebBrowser|{BA14329E-9550-4989-B3F2-9732E92D17CC} (C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll)
HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll)
HKLM_Toolbar|{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} (c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll)
HKLM_Toolbar|{ba14329e-9550-4989-b3f2-9732e92d17cc} (C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll)
HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{28A36D69-07EA-44CE-B298-1A8B3E8B6FE1} - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
HKLM_ElevationPolicy\{34014F33-E625-48B6-B314-101DDBCF160C} - C:\Users\francois\AppData\Local\Conduit\CT2504091\Vuze_RemoteAutoUpdateHelper.exe (x)
HKLM_ElevationPolicy\{588BDA8F-BFA5-4A34-B2A3-27DD6D35F559} - C:\Program Files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?)
HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
HKLM_ElevationPolicy\{64903E32-AE0B-408D-909C-09A08791F28D} - C:\Program Files (x86)\DivX\DivX Plus Web Player\dwpBroker.exe (DivX, LLC)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{71274DC5-D6B8-4B74-BBCF-04D76E30772B} - C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)
HKLM_ElevationPolicy\{88B89B96-F7B2-469D-8F22-5F3BE33DEDDE} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe (Skype Technologies S.A.)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
HKLM_ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC5F} - c:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
HKLM_ElevationPolicy\{EE0DF950-5C7F-4261-8CFA-AE01D71FD9BD} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\SetupUtility.exe (<TOSHIBA>)
HKLM_ElevationPolicy\{F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\MTSProc.exe (<TOSHIBA>)
HKLM_Extensions\{686C970F-1D7D-4469-85D1-4B35763B56CC} - "50 FREE MP3s!" (C:\Program Files (x86)\Winamp\eMusic\roundtarget.ico)
HKLM_Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - "Skype add-on for Internet Explorer" (C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\icon.ico)
BHO\{326E768D-4182-46FD-9C16-1449A49795F4} - "DivX Plus Web Player HTML5 <video>" (C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll)
BHO\{593DDEC6-7468-4cdd-90E1-42DADAA222E9} - "DivX HiQ" (C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll)
BHO\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "Skype add-on for Internet Explorer" (C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll)
BHO\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} - "McAfee SiteAdvisor BHO" (c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll)
BHO\{ba14329e-9550-4989-b3f2-9732e92d17cc} - "Vuze Remote Toolbar" (C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll)
BHO\{d7a02273-89b3-6f71-0014-47fb3140db5e} - "qualityads" (C:\Windows\SysWow64\3b091b72.dll)
BHO\{F3C88694-EFFA-4d78-B409-54B7B2535B14} - "TOSHIBA Media Controller Plug-in" (C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll)

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 1199 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 21 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 15/02/2011 (18362 Octet(s))
C:\Ad-Report-CLEAN[2].txt - 15/02/2011 (8772 Octet(s))
C:\Ad-Report-CLEAN[3].txt - 15/02/2011 (8829 Octet(s))
C:\Ad-Report-SCAN[1].txt - 12/02/2011 (19830 Octet(s))
C:\Ad-Report-SCAN[2].txt - 15/02/2011 (20223 Octet(s))
C:\Ad-Report-SCAN[3].txt - 15/02/2011 (20280 Octet(s))
C:\Ad-Report-SCAN[4].txt - 15/02/2011 (9259 Octet(s))

Fin à: 15:32:57, 15/02/2011

============== E.O.F ==============