virus detecte mais pas supprimer

Question

Bonjour, 

Voila hier j'ai acheter un anti virus GDATA 2011 et apres l'analyse mon anti virus avait detecter 78 fichier contaminer !!!!!! virus non mis en quarantaine type de virus  GEN.Heur.MSIL.Krypt.6(Engine A) que faire pour suprimer ses element ..... ou alors comment remettre mon pc a zero je suis avec un FUJITSU SIEMENS ...... merci de vouloir m'aider ..

Configuration: Windows XP / Opera 9.80

Utilisateur anonyme · Answer

Salut,

Nous allons effectuer un diagnostic de ton PC: 
*Télécharge ZHPDiag sur ton bureau : 

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html 
ou : 
http://www.premiumorange.com/zeb-help-process/zhpdiag.html 

* Laisse toi guider lors de l'installation,coche "Ajouter une icône sur le bureau" et décoche la case "Exécuter ZHPDiag" 

/!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur » 

* Clique sur l'icône représentant une loupe (« Lancer le diagnostic ») 
* Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette 
* Héberge le rapport ZHPDiag.txt sur un des sites ci dessous, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum : 
http://pjjoint.malekal.com/ 

Si indisponible: 
http://www.cijoint.fr/ 

* Tuto zhpdiag : 
http://www.premiumorange.com/zeb-help-process/zhpdiag.html 


Hébergement de rapport sur pjjoint.malekal.com 

* Rends toi sur http://pjjoint.malekal.com/ 
* Clique sur le bouton Parcourir 
* Sélectionne le fichier que tu veux heberger et clique sur Ouvrir 
*Clique sur le bouton Envoyer 
* Un message de confirmation s'affiche, copie le lien dans ta prochaine réponse.

@+

karlo1988 · Answer

https://pjjoint.malekal.com/files.php?id=h7j12l15m12v15j6h14r6y8 voici le lien qui ma ete donner . Merci de m'accorder votre attention ..

Utilisateur anonyme · Answer

Re,

Ton PC est très infecté !

1/ * Télécharge de AD-Remover sur ton Bureau. 
http://www.teamxscript.org/adremoverTelechargement.html 

/!\ Ferme toutes applications en cours /!\ 

- Double-clique sur l'icône Ad-remover située sur ton Bureau. 
- Sur la page, clique sur le bouton « Nettoyer » 
- Confirme lancement du scan 
- Laisse travailler l'outil. 
- Poste le rapport qui apparaît à la fin. 

(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt) 

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour c

Ensuite

2/

*Télécharges Malwarebytes' (mbam) 

ICI >> Malwarebytes' (mbam) 

* installes + mise a jour 
* Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) sans les ouvrir 
* Lances--> Malwarebytes (MBAM) 
* Puis vas dans l'onglet "Recherche", coche >>Exécuter un examen complet 
* puis "Rechercher" 
* Sélectionnes tes disques durs" puis clique sur "Lancer l'examen" 
* A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport 
*Si MalwareBytes' détecte des infections, clique sur ==>Afficher les résultats, puis sur ==>Supprimer la sélection 
* S'il t' es demandé de redémarrer, clique sur "oui " 
* aprés la suppression(s) de ou des infections trouvées --> poste le rapport ici 
!!! Ne pas vider la quarantaine de MBAM sans avis !!!

J'attend les deux rapports

@+

karlo1988 · Answer

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [2]) -> Lancé à 18:31:20 le 20/04/2011, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86) 
Antares@DAMAT-3A7C003D9 ( ) 
 
============== RECHERCHE ==============

Service: "Application Updater" Présent 

Fichier trouvé: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navigateur OfferBox.lnk
Dossier trouvé: C:\Documents and Settings\Antares\Local Settings\Application Data\Conduit
Dossier trouvé: C:\Program Files\Conduit
Dossier trouvé: C:\Documents and Settings\Antares\Local Settings\Application Data\ConduitEngine
Dossier trouvé: C:\Program Files\ConduitEngine
Dossier trouvé: C:\Program Files\Application Updater
Dossier trouvé: C:\Documents and Settings\Antares\Menu Démarrer\Programmes\CrazyLoader
Dossier trouvé: C:\Program Files\CrazyLoader
Dossier trouvé: C:\Documents and Settings\Antares\Application Data\pdfforge
Dossier trouvé: C:\Program Files\pdfforge Toolbar
Dossier trouvé: C:\Documents and Settings\Antares\Application Data\PriceGong
Dossier trouvé: C:\Documents and Settings\perso\Application Data\PriceGong
Dossier trouvé: C:\Documents and Settings\All Users\Application Data\ResultBar
Dossier trouvé: C:\Program Files\ResultBar
Dossier trouvé: C:\Documents and Settings\Antares\Application Data\Search Settings
Dossier trouvé: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ShopperReports
Dossier trouvé: C:\Documents and Settings\Antares\Application Data\ShopperReports3
Dossier trouvé: C:\Documents and Settings\perso\Application Data\ShopperReports3
Dossier trouvé: C:\Program Files\ShopperReports3
Dossier trouvé: C:\Program Files\Fichiers communs\Spigot
Dossier trouvé: C:\Documents and Settings\Antares\Application Data\OfferBox
Dossier trouvé: C:\Documents and Settings\perso\Application Data\OfferBox
Dossier trouvé: C:\Program Files\OfferBox
Dossier trouvé: C:\Program Files\Widestream6

Clé trouvée: HKLM\Software\Classes\CLSID\{02F9D041-EECA-46B1-8A21-BAFD9146ACC1}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02F9D041-EECA-46B1-8A21-BAFD9146ACC1}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F9D041-EECA-46B1-8A21-BAFD9146ACC1}
Clé trouvée: HKLM\Software\Classes\CLSID\{0B25FF79-796A-4C2E-B09B-7921065D8EF8}
Clé trouvée: HKLM\Software\Classes\Interface\{0B25FF79-796A-4C2E-B09B-7921065D8EF8}
Clé trouvée: HKLM\Software\Classes\CLSID\{100EB1FD-D03E-47fd-81F3-EE91287F9465}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47fd-81F3-EE91287F9465}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47fd-81F3-EE91287F9465}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47fd-81F3-EE91287F9465}
Clé trouvée: HKLM\Software\Classes\CLSID\{1a6dc111-b030-4c3e-be65-299284128b91}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a6dc111-b030-4c3e-be65-299284128b91}
Clé trouvée: HKLM\Software\Classes\CLSID\{1EB45B75-E889-42BE-B0C9-C8E0EE687052}
Clé trouvée: HKLM\Software\Classes\Interface\{1EB45B75-E889-42BE-B0C9-C8E0EE687052}
Clé trouvée: HKLM\Software\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}
Clé trouvée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Classes\CLSID\{606d89e9-c72a-4e4d-8d3a-142b2a74ff1b}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{606d89e9-c72a-4e4d-8d3a-142b2a74ff1b}
Clé trouvée: HKLM\Software\Classes\CLSID\{60d7e8fc-8849-46e8-b352-5abbae0c48b4}
Clé trouvée: HKLM\Software\Classes\CLSID\{9b218861-1cad-41e9-8105-1291a91ca488}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9b218861-1cad-41e9-8105-1291a91ca488}
Clé trouvée: HKLM\Software\Classes\CLSID\{A16AD1E9-F69A-45af-9462-B1C286708842}
Clé trouvée: HKLM\Software\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
Clé trouvée: HKLM\Software\Classes\CLSID\{A7E8C343-7860-4A95-9AA8-AAF30D0F6D1E}
Clé trouvée: HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Clé trouvée: HKLM\Software\Classes\CLSID\{C9CCBB35-D123-4a31-AFFC-9B2933132116}
Clé trouvée: HKLM\Software\Classes\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D}
Clé trouvée: HKLM\Software\Classes\CLSID\{CFC16189-8A92-4a29-A940-60248385F426}
Clé trouvée: HKLM\Software\Classes\CLSID\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé trouvée: HKLM\Software\Classes\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9}
Clé trouvée: HKLM\Software\Classes\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226}
Clé trouvée: HKLM\Software\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}
Clé trouvée: HKLM\Software\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}
Clé trouvée: HKLM\Software\Classes\Interface\{54ADB4A4-6C88-4710-A227-820961B9981E}
Clé trouvée: HKLM\Software\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}
Clé trouvée: HKLM\Software\Classes\Interface\{6612AFDD-34AD-4B89-A236-7E6D07C3FDCD}
Clé trouvée: HKLM\Software\Classes\Interface\{83B2FE06-BA20-4F7D-96C6-6FC3A4E877D3}
Clé trouvée: HKLM\Software\Classes\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}
Clé trouvée: HKLM\Software\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Clé trouvée: HKLM\Software\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2}
Clé trouvée: HKLM\Software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
Clé trouvée: HKLM\Software\Classes\Interface\{B32966A2-F7C2-4362-A6CF-399EC8B44110}
Clé trouvée: HKLM\Software\Classes\Interface\{B690A281-F7D4-4E0F-BA02-A12ADD86277B}
Clé trouvée: HKLM\Software\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}
Clé trouvée: HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Clé trouvée: HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Clé trouvée: HKLM\Software\Classes\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}
Clé trouvée: HKLM\Software\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}
Clé trouvée: HKLM\Software\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A}
Clé trouvée: HKLM\Software\Classes\Interface\{F42A2432-287D-4161-8C94-99C06BEE7A81}
Clé trouvée: HKLM\Software\Classes\Interface\{F44202AE-BE61-41C8-AFEA-5E494EC7595B}
Clé trouvée: HKLM\Software\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D}
Clé trouvée: HKLM\Software\Classes\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9}
Clé trouvée: HKLM\Software\Classes\TypeLib\{25B7FAD8-85B3-40A4-BBB8-22DBB95831E1}
Clé trouvée: HKLM\Software\Classes\TypeLib\{4FD0EE11-D5B1-41B1-A3BD-F537539804EE}
Clé trouvée: HKLM\Software\Classes\TypeLib\{5D82D8DD-B839-47C1-B8E0-AD754F949BB6}
Clé trouvée: HKLM\Software\Classes\TypeLib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6}
Clé trouvée: HKLM\Software\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}
Clé trouvée: HKLM\Software\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}
Clé trouvée: HKLM\Software\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}
Clé trouvée: HKLM\Software\Classes\TypeLib\{ED85AEBE-F834-4088-B5D3-97EB2478A6CD}
Clé trouvée: HKLM\Software\Classes\ASAPCom.ASAPClass
Clé trouvée: HKLM\Software\Classes\ASAPCom.ASAPClass.1
Clé trouvée: HKLM\Software\Classes\ASAPCom.ASAPEnvelope
Clé trouvée: HKLM\Software\Classes\ASAPCom.ASAPEnvelope.1
Clé trouvée: HKLM\Software\Classes\ASAPCom.ASAPMain
Clé trouvée: HKLM\Software\Classes\ASAPCom.ASAPMain.1
Clé trouvée: HKLM\Software\Classes\ASAPCom.ASAPMessage
Clé trouvée: HKLM\Software\Classes\ASAPCom.ASAPMessage.1
Clé trouvée: HKLM\Software\Classes\ASAPCom.ASAPRecipients
Clé trouvée: HKLM\Software\Classes\ASAPCom.ASAPRecipients.1
Clé trouvée: HKLM\Software\Classes\BHO.IFlashGetNetscapeEx
Clé trouvée: HKLM\Software\Classes\BHO.IFlashGetNetscapeEx.1
Clé trouvée: HKLM\Software\Classes\Conduit.Engine
Clé trouvée: HKLM\Software\Classes\MenuButtonIE.ButtonIE
Clé trouvée: HKLM\Software\Classes\MenuButtonIE.ButtonIE.1
Clé trouvée: HKLM\Software\Classes\OfferBox.OfferBoxServer
Clé trouvée: HKLM\Software\Classes\OfferBox.OfferBoxServer.1
Clé trouvée: HKLM\Software\Classes\ShopperReports.AsyncReporter
Clé trouvée: HKLM\Software\Classes\ShopperReports.AsyncReporter.1
Clé trouvée: HKLM\Software\Classes\ShopperReports.CntntDic
Clé trouvée: HKLM\Software\Classes\ShopperReports.CntntDic.1
Clé trouvée: HKLM\Software\Classes\ShopperReports.CntntDisp
Clé trouvée: HKLM\Software\Classes\ShopperReports.CntntDisp.1
Clé trouvée: HKLM\Software\Classes\ShopperReports.Dwnldr
Clé trouvée: HKLM\Software\Classes\ShopperReports.Dwnldr.1
Clé trouvée: HKLM\Software\Classes\ShopperReports.HbAx
Clé trouvée: HKLM\Software\Classes\ShopperReports.HbAx.1
Clé trouvée: HKLM\Software\Classes\ShopperReports.HbGuru
Clé trouvée: HKLM\Software\Classes\ShopperReports.HbGuru.1
Clé trouvée: HKLM\Software\Classes\ShopperReports.HbInfoBand
Clé trouvée: HKLM\Software\Classes\ShopperReports.HbInfoBand.1
Clé trouvée: HKLM\Software\Classes\ShopperReports.IEButton
Clé trouvée: HKLM\Software\Classes\ShopperReports.IEButton.1
Clé trouvée: HKLM\Software\Classes\ShopperReports.IEButtonA
Clé trouvée: HKLM\Software\Classes\ShopperReports.IEButtonA.1
Clé trouvée: HKLM\Software\Classes\ShopperReports.KOPFF
Clé trouvée: HKLM\Software\Classes\ShopperReports.KOPFF.1
Clé trouvée: HKLM\Software\Classes\ShopperReports.MozillaNvgtnTrpr
Clé trouvée: HKLM\Software\Classes\ShopperReports.MozillaNvgtnTrpr.1
Clé trouvée: HKLM\Software\Classes\ShopperReports.MozillaPSExecuter
Clé trouvée: HKLM\Software\Classes\ShopperReports.MozillaPSExecuter.1
Clé trouvée: HKLM\Software\Classes\ShopperReports.ReportData
Clé trouvée: HKLM\Software\Classes\ShopperReports.ReportData.1
Clé trouvée: HKLM\Software\Classes\ShopperReports.Reporter
Clé trouvée: HKLM\Software\Classes\ShopperReports.Reporter.1
Clé trouvée: HKLM\Software\Classes\ShopperReports.RprtCtrl
Clé trouvée: HKLM\Software\Classes\ShopperReports.RprtCtrl.1
Clé trouvée: HKLM\Software\Classes\ShopperReports.Scopes
Clé trouvée: HKLM\Software\Classes\ShopperReports.Scopes.1
Clé trouvée: HKLM\Software\Classes\ShopperReports.Stock
Clé trouvée: HKLM\Software\Classes\ShopperReports.Stock.1
Clé trouvée: HKLM\Software\Classes\ShopperReports.TriggerImmidiate
Clé trouvée: HKLM\Software\Classes\ShopperReports.TriggerImmidiate.1
Clé trouvée: HKLM\Software\Classes\ShopperReports.TriggerImmidiateOrRandomTS
Clé trouvée: HKLM\Software\Classes\ShopperReports.TriggerImmidiateOrRandomTS.1
Clé trouvée: HKLM\Software\Classes\ShopperReports.TriggerOnceInDay
Clé trouvée: HKLM\Software\Classes\ShopperReports.TriggerOnceInDay.1
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2542115
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2899468
Clé trouvée: HKLM\Software\Classes\AppID\BRNstIE.DLL
Clé trouvée: HKLM\Software\Classes\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D}
Clé trouvée: HKLM\Software\Classes\AppID\CmndFF.DLL
Clé trouvée: HKLM\Software\Classes\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306}
Clé trouvée: HKLM\Software\Classes\AppID\MenuButtonIE.DLL
Clé trouvée: HKLM\Software\Classes\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C}
Clé trouvée: HKLM\Software\Classes\AppID\mozillaps.dll
Clé trouvée: HKLM\Software\Classes\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE}
Clé trouvée: HKLM\Software\Classes\AppID\Pltfrm.DLL
Clé trouvée: HKLM\Software\Classes\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227}
Clé trouvée: HKLM\Software\Application Updater
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKLM\Software\conduitEngine
Clé trouvée: HKLM\Software\OfferBox
Clé trouvée: HKLM\Software\pdfforge
Clé trouvée: HKLM\Software\ResultBar
Clé trouvée: HKLM\Software\Search Settings
Clé trouvée: HKLM\Software\ShopperReports3
Clé trouvée: HKCU\Software\Conduit
Clé trouvée: HKCU\Software\conduitEngine
Clé trouvée: HKCU\Software\OfferBox
Clé trouvée: HKCU\Software\PriceGong
Clé trouvée: HKCU\Software\ShopperReports3
Clé trouvée: HKCU\Software\AppDataLow\Software\Search Settings
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ClickPotato
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\CrazyLoader
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ShopperReports
Clé trouvée: HKLM\Software\Classes\Installer\Products\7A931B0A5D8E8E947AFB2124E1562280
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\7A931B0A5D8E8E947AFB2124E1562280
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37F4A335-D085-423e-A425-0370799166FB}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a61376ff-292a-4591-a6b5-d90771424583}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4D18F23-40FB-4A8C-B236-3D89DCC0BE6B}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OfferBox
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OfferBox Browser
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ResultBar
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
Clé trouvée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4D03-A0CF-8203604C3DA6}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483C-A137-731E8F113DD5}

Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|ShopperReports 3.0.517.0
Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E879057EB676555037A093
Valeur trouvée: HKLM\Software\Mozilla\Firefox\Extensions|offerboxffx@offerbox.com
Valeur trouvée: HKLM\Software\Mozilla\Firefox\Extensions|ShopperReports@ShopperReports.com
Valeur trouvée: HKLM\Software\Mozilla\Firefox\Extensions|widestream6@spointer.com
Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{B922D405-6D13-4A2B-AE89-08A030DA4402}
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.16 (fr)] ****

HKLM_MozillaPlugins\@pages.tvunetworks.com/WebPlayer (x)
HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x)
Searchplugins\fcmdSrchppcb.xml (hxxp://start.facemoods.com/?a=ppcb&f=4&q={searchTerms}/)
Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} (G Data Filtre Internet)
HKLM_Extensions|offerboxffx@offerbox.com - C:\Program Files\OfferBox\offerboxffx@offerbox.com
HKLM_Extensions|ShopperReports@ShopperReports.com - C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions
HKLM_Extensions|widestream6@spointer.com - C:\Program Files\Widestream6\spointer\extensions\widestream6@spointer.com

-- C:\Documents and Settings\Antares\Application Data\Mozilla\FireFox\Profiles\i4ka76pl.default --
Prefs.js - browser.download.lastDir, C:\Documents and Settings\Antares\Mes documents\Téléchargements
Prefs.js - browser.search.defaultenginename, Yahoo
Prefs.js - browser.search.selectedEngine, Yahoo
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.16
Prefs.js - keyword.URL, hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&p=

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://home.sweetim.com
AboutUrls|Tabs - hxxp://start.facemoods.com/?a=ppcb&f=2
HKCU_URLSearchHooks|{B922D405-6D13-4A2B-AE89-08A030DA4402} - "pdfforge Toolbar" (C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll)
HKCU_URLSearchHooks|{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France	bSoft.dll)
HKCU_URLSearchHooks|{EEE6C35D-6118-11DC-9C72-001320C79847} - "SweetIM ToolbarURLSearchHook Class" (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll)
HKCU_URLSearchHooks|{a3d9f146-03da-4695-878c-81ef970f2f96} - "SearchingBar Toolbar" (C:\Program Files\SearchingBar\prxtbSear.dll)
HKCU_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "Search" (hxxp://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4)
HKCU_SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - "Search the web (Babylon)" (hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627)
HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "SearchingBar Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
HKCU_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKLM_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "?" (hxxp://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4&hl={language}&src=chrm)
HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKCU_Toolbar\WebBrowser|{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} (C:\Program Files\Softonic_France	bSoft.dll)
HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKCU_Toolbar\WebBrowser|{A3D9F146-03DA-4695-878C-81EF970F2F96} (C:\Program Files\SearchingBar\prxtbSear.dll)
HKCU_Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files\ConduitEngine\ConduitEngine.dll)
HKLM_Toolbar|{4daac69c-cba7-45e2-9bc8-1044483d3352} (C:\Program Files\Softonic_France	bSoft.dll)
HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files\ConduitEngine\ConduitEngine.dll)
HKLM_Toolbar|{98889811-442D-49dd-99D7-DC866BE87DBC} (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll)
HKLM_Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKLM_Toolbar|{a3d9f146-03da-4695-878c-81ef970f2f96} (C:\Program Files\SearchingBar\prxtbSear.dll)
HKLM_Toolbar|{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} (C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll)
HKLM_Toolbar|{B922D405-6D13-4A2B-AE89-08A030DA4402} (C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll)
HKLM_Toolbar|{0124123D-61B4-456f-AF86-78C53A0790C5} (C:\Program Files\G Data\AntiVirus\WebFilter\AvkWebIE.dll)
HKLM_ElevationPolicy\${ELV_GUID} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe (Babylon Ltd.)
HKLM_ElevationPolicy\{37F4A335-D085-423e-A425-0370799166FB} - C:\Program Files\OfferBox\OfferBox.exe (Secure Digital Services Limited)
HKLM_ElevationPolicy\{7CA58D56-0AB4-43E1-AF96-467F5ED4F7A8} - C:\Program Files\SearchingBar\SearchingBarToolbarHelper.exe (?)
HKLM_ElevationPolicy\{980AC032-D573-46BF-BF07-60979B7786DD} - C:\Documents and Settings\Antares\Local Settings\Application Data\Conduit\CT2899468\SearchingBarAutoUpdateHelper.exe (?)
HKLM_ElevationPolicy\{a61376ff-292a-4591-a6b5-d90771424583} - C:\Program Files\Widestream6\spointer\widestream6_air.exe (Widestream6)
HKLM_ElevationPolicy\{C4D18F23-40FB-4A8C-B236-3D89DCC0BE6B} - C:\Program Files\ConduitEngine\ConduitEngineHelper.exe (?)
HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (SweetIM Technologies Ltd.)
HKLM_ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
HKLM_Extensions\{90EAE591-7E7E-434a-8E28-ECFD00071806} - "PokerStars.fr" (C:\Program Files\PokerStars.FR\main.ico)
HKLM_Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2} - "ShopperReports - Compare product prices" (C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll,203)
HKLM_Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3} - "ShopperReports - Compare travel rates" (C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll,201)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{100EB1FD-D03E-47fd-81F3-EE91287F9465} - "ShopperReports" (C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll) (x)
BHO\{1a6dc111-b030-4c3e-be65-299284128b91} - "Interest recogniser for Widestream6 (powered by Spointer)" (C:\Program Files\Widestream6\spointer\extensions\widestream6_air_ie.dll)
BHO\{2EECD738-5844-4a99-B4B6-146BF802613B} - "CescrtHlpr Object" (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll)
BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine" (C:\Program Files\ConduitEngine\ConduitEngine.dll)
BHO\{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France	bSoft.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{64182481-4F71-486b-A045-B233BD0DA8FC} - "CescrtHlpr Object" (C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll)
BHO\{a3d9f146-03da-4695-878c-81ef970f2f96} - "SearchingBar Toolbar" (C:\Program Files\SearchingBar\prxtbSear.dll)
BHO\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - "FlashGetBHO" (C:\Documents and Settings\Antares\Application Data\FlashGetBHO\FlashGetBHO3.dll)
BHO\{B922D405-6D13-4A2B-AE89-08A030DA4402} - "pdfforge Toolbar" (C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll)
BHO\{EEE6C35C-6118-11DC-9C72-001320C79847} - "SweetIM Toolbar Helper" (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
BHO\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - "OfferBox" (C:\Program Files\OfferBox\OfferBoxBHO.dll)

========================================
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Version de la base de données: 6407

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20/04/2011 20:12:53
mbam-log-2011-04-20 (20-12-53).txt

Type d'examen: Examen complet (C:\|J:\|)
Elément(s) analysé(s): 197875
Temps écoulé: 1 heure(s), 32 minute(s), 45 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 85
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 25
Fichier(s) infecté(s): 30

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100EB1FD-D03E-47fd-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E343EDFC-1E6C-4cb5-AA29-E9C922641C80} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A16AD1E9-F69A-45af-9462-B1C286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9CCBB35-D123-4a31-AFFC-9B2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.KOPFF (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.KOPFF.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Scopes (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender (Trojan.Agent.Gen) -> Value: Windows Defender -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.517.0 (Adware.HotBar) -> Value: ShopperReports 3.0.517.0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E879057EB676555037A093 (Malware.Trace) -> Value: SRS_IT_E879057EB676555037A093 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Windows Defender (Worm.AutoRun) -> Value: Windows Defender -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender (Trojan.Agent.Gen) -> Value: Windows Defender -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\documents and settings\all users\application dataesultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cseport (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cses1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cseport (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cses1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program filesesultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu démarrer\programmes\shopperreports (Adware.ShopperReports) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\program files\shopperreports3\bin\3.0.517.0\cntntcntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\Bureau\multimedia\logiciel\uusee_setup_2007.exe (PUP.Uusee) -> Not selected for removal.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\windefender.exe (Trojan.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cs\dwld\whitelist.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cseport\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cseport\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cses1\whitelist.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cs\dwld\whitelist.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cseport\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cseport\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cses1\whitelist.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\shopperreportsuninstaller.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu démarrer\programmes\shopperreports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu démarrer\programmes\shopperreports\customer support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu démarrer\programmes\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.



voila merci encore de m'aider pour un probleme qui n est pas le tient ........ 
C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 2 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 20/04/2011 18:27:20 (25360 Octet(s)) 
C:\Ad-Report-SCAN[2].txt - 20/04/2011 18:31:23 (22020 Octet(s)) 

Fin à: 18:32:00, 20/04/2011 
 
============== E.O.F ==============

Utilisateur anonyme · Answer

Re,

Tu relances Ad-Remover et tu choisis l'option "Nettoyer" et non chercher c'est à dire exactement :

/!\ Ferme toutes applications en cours /!\

- Double-clique sur l'icône Ad-remover située sur ton Bureau.
- Sur la page, clique sur le bouton « Nettoyer »
- Confirme lancement du scan
- Laisse travailler l'outil.
- Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour c

karlo1988 · Answer

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [3]) -> Lancé à 22:23:06 le 20/04/2011, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86) 
Antares@DAMAT-3A7C003D9 ( ) 
 
============== ACTION(S) ==============



(!) -- Fichiers temporaires supprimés.




============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.16 (fr)] ****

HKLM_MozillaPlugins\@pages.tvunetworks.com/WebPlayer (x)
HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x)
Searchplugins\fcmdSrchppcb.xml (hxxp://start.facemoods.com/?a=ppcb&f=4&q={searchTerms}/)
Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} (G Data Filtre Internet)

-- C:\Documents and Settings\Antares\Application Data\Mozilla\FireFox\Profiles\i4ka76pl.default --
Prefs.js - browser.download.lastDir, C:\Documents and Settings\Antares\Mes documents\Téléchargements
Prefs.js - browser.search.defaultenginename, Yahoo
Prefs.js - browser.search.selectedEngine, Yahoo
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.16
Prefs.js - keyword.URL, hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&p=

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{B922D405-6D13-4A2B-AE89-08A030DA4402} (x)
HKCU_URLSearchHooks|{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France	bSoft.dll)
HKCU_URLSearchHooks|{EEE6C35D-6118-11DC-9C72-001320C79847} - "SweetIM ToolbarURLSearchHook Class" (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll)
HKCU_URLSearchHooks|{a3d9f146-03da-4695-878c-81ef970f2f96} - "SearchingBar Toolbar" (C:\Program Files\SearchingBar\prxtbSear.dll)
HKCU_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "Search" (hxxp://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4)
HKCU_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKLM_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "?" (hxxp://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4&hl={language}&src=chrm)
HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKCU_Toolbar\WebBrowser|{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} (C:\Program Files\Softonic_France	bSoft.dll)
HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKCU_Toolbar\WebBrowser|{A3D9F146-03DA-4695-878C-81EF970F2F96} (C:\Program Files\SearchingBar\prxtbSear.dll)
HKLM_Toolbar|{4daac69c-cba7-45e2-9bc8-1044483d3352} (C:\Program Files\Softonic_France	bSoft.dll)
HKLM_Toolbar|{98889811-442D-49dd-99D7-DC866BE87DBC} (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll)
HKLM_Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKLM_Toolbar|{a3d9f146-03da-4695-878c-81ef970f2f96} (C:\Program Files\SearchingBar\prxtbSear.dll)
HKLM_Toolbar|{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} (C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll)
HKLM_Toolbar|{0124123D-61B4-456f-AF86-78C53A0790C5} (C:\Program Files\G Data\AntiVirus\WebFilter\AvkWebIE.dll)
HKLM_ElevationPolicy\${ELV_GUID} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe (Babylon Ltd.)
HKLM_ElevationPolicy\{7CA58D56-0AB4-43E1-AF96-467F5ED4F7A8} - C:\Program Files\SearchingBar\SearchingBarToolbarHelper.exe (?)
HKLM_ElevationPolicy\{980AC032-D573-46BF-BF07-60979B7786DD} - C:\Documents and Settings\Antares\Local Settings\Application Data\Conduit\CT2899468\SearchingBarAutoUpdateHelper.exe (x)
HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (SweetIM Technologies Ltd.)
HKLM_ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
HKLM_Extensions\{90EAE591-7E7E-434a-8E28-ECFD00071806} - "PokerStars.fr" (C:\Program Files\PokerStars.FR\main.ico)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{2EECD738-5844-4a99-B4B6-146BF802613B} - "CescrtHlpr Object" (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll)
BHO\{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France	bSoft.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{64182481-4F71-486b-A045-B233BD0DA8FC} - "CescrtHlpr Object" (C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll)
BHO\{a3d9f146-03da-4695-878c-81ef970f2f96} - "SearchingBar Toolbar" (C:\Program Files\SearchingBar\prxtbSear.dll)
BHO\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - "FlashGetBHO" (C:\Documents and Settings\Antares\Application Data\FlashGetBHO\FlashGetBHO3.dll)
BHO\{EEE6C35C-6118-11DC-9C72-001320C79847} - "SweetIM Toolbar Helper" (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 1 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 20/04/2011 22:02:37 (6470 Octet(s)) 
C:\Ad-Report-CLEAN[2].txt - 20/04/2011 22:13:28 (6923 Octet(s)) 
C:\Ad-Report-CLEAN[3].txt - 20/04/2011 22:23:17 (6224 Octet(s)) 

Fin à: 22:38:18, 20/04/2011 
 
============== E.O.F ==============

karlo1988 · Answer

MERCI a vous deux je vais devoir m'absenter plusieurs jours merci de vouloir continuer a resoudre ce soucis a moin que vous ne repondier la nuit  ^

Utilisateur anonyme · Answer

Salut,

Maintenant, stp Lance ZHPDiag depuis ton bureau, clique sur l'onglet vert Flèche 

en bas pour faire la mise à jour, ensuite tu fais ceci :

* Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
* Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
* Héberge le rapport ZHPDiag.txt sur un des sites ci dessous, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum :
http://pjjoint.malekal.com/

Si indisponible:
http://www.cijoint.fr/

* Tuto zhpdiag :
http://www.premiumorange.com/zeb-help-process/zhpdiag.html


Hébergement de rapport sur pjjoint.malekal.com

* Rends toi sur http://pjjoint.malekal.com/
* Clique sur le bouton Parcourir
* Sélectionne le fichier que tu veux heberger et clique sur Ouvrir
*Clique sur le bouton Envoyer
* Un message de confirmation s'affiche, copie le lien dans ta prochaine réponse.

Utilisateur anonyme · Answer

Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C ) 

[MD5.A64DA4EF938434F19142F964296347BF] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe   [111928] 
R3 - URLSearchHook: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} Clé orpheline     
O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe     
O4 - HKLM\..\Run: [UUSeeMediaCenter] C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe (.not file.)     
O4 - Global Startup: C:\Documents And Settings\Antares\Menu Démarrer\Programmes\Navigateur OfferBox.lnk . (...)  -- C:\Program Files\OfferBox\OfferBoxLauncher.exe (.not file.)     
O42 - Logiciel: Widestream6 - (.Secure Digital Services.) [HKLM] -- {835525BE-63BD-4EC4-9425-00CEAD4849C2}     
O42 - Logiciel: pdfforge Toolbar v4.3 - (.Spigot, Inc..) [HKLM] -- {A0B139A7-E8D5-49E8-A7BF-12421E652208}     
O47 - AAKE:Key Export SP - "C:\Documents and Settings\perso\Application Data\WinDefender.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\perso\Application Data\WinDefender.exe (.not file.)     
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Antares\Application Data\WinDefender.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\Antares\Application Data\WinDefender.exe (.not file.)     
O47 - AAKE:Key Export SP - "C:\Program Files\uusee\UUSeePlayer.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\uusee\UUSeePlayer.exe (.not file.)     
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe (.not file.)     
[HKCR\Interface\{21447c90-6ec1-4fc1-9379-bd515008aedb}] 
[HKCR\CLSID\{286e500c-ef0a-4aa3-a94d-e495f653ef4b}] 
[HKCR\CLSID\{319260ab-be0c-4025-8569-7a27ed2faab9}] 
[HKCR\Interface\{32c97a37-e2b8-4097-9330-5f3e1125e181}] 
[HKCR\CLSID\{9809a6b4-70b1-4bb2-b3b5-b415763a534e}] 
[HKCR\Interface\{b0c3de1b-e3ff-4dd0-9229-f452cf9c678e}] 
[HKCR\TypeLib\{bce2e826-d0f5-41c8-97be-28a6f540ceeb}] 
[HKCR\Interface\{d2d94732-a74d-433c-98f7-9ed740e82ae9}] 
[HKCR\CLSID\{d5178f77-c5e6-4e8f-9787-48b5d7eccce8}] 
[HKCR\Interface\{dfd5d79b-ef2f-4a51-9821-5b469f05262e}] 
FirewallRAZ
EmptyTemp
EmptyFlash



Puis Lance ZHPFix depuis le raccourci du bureau . 

* Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) . 

* Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent . 

Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre. 

Clique sur le bouton  GO 

Copie/Colle le rapport à l'écran dans ton prochain message.

karlo1988 · Answer

========== Clé(s) du Registre ==========
O42 - Logiciel: Widestream6 - (.Secure Digital Services.) [HKLM] -- {835525BE-63BD-4EC4-9425-00CEAD4849C2}  => Clé supprimée avec succès
O42 - Logiciel: pdfforge Toolbar v4.3 - (.Spigot, Inc..) [HKLM] -- {A0B139A7-E8D5-49E8-A7BF-12421E652208}  => Clé supprimée avec succès
HKCR\Interface\{21447c90-6ec1-4fc1-9379-bd515008aedb}  => Clé non supprimée
HKCR\CLSID\{286e500c-ef0a-4aa3-a94d-e495f653ef4b}  => Clé non supprimée
HKCR\CLSID\{319260ab-be0c-4025-8569-7a27ed2faab9}  => Clé non supprimée
HKCR\Interface\{32c97a37-e2b8-4097-9330-5f3e1125e181}  => Clé non supprimée
HKCR\CLSID\{9809a6b4-70b1-4bb2-b3b5-b415763a534e}  => Clé non supprimée
HKCR\Interface\{b0c3de1b-e3ff-4dd0-9229-f452cf9c678e}  => Clé non supprimée
HKCR\TypeLib\{bce2e826-d0f5-41c8-97be-28a6f540ceeb}  => Clé non supprimée
HKCR\Interface\{d2d94732-a74d-433c-98f7-9ed740e82ae9}  => Clé non supprimée
HKCR\CLSID\{d5178f77-c5e6-4e8f-9787-48b5d7eccce8}  => Clé non supprimée
HKCR\Interface\{dfd5d79b-ef2f-4a51-9821-5b469f05262e}  => Clé non supprimée

========== Valeur(s) du Registre ==========
R3 - URLSearchHook: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} Clé orpheline  => Valeur supprimée avec succès
O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe  => Valeur supprimée avec succès
O4 - HKLM\..\Run: [UUSeeMediaCenter] C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe (.not file.)  => Valeur supprimée avec succès
O47 - AAKE:Key Export SP - "C:\Documents and Settings\perso\Application Data\WinDefender.exe" [Enabled] .(.) -- C:\Documents and Settings\perso\Application Data\WinDefender.exe (.not file.)  => Valeur supprimée avec succès
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Antares\Application Data\WinDefender.exe" [Enabled] .(.) -- C:\Documents and Settings\Antares\Application Data\WinDefender.exe (.not file.)  => Valeur supprimée avec succès
O47 - AAKE:Key Export SP - "C:\Program Files\uusee\UUSeePlayer.exe" [Enabled] .(.) -- C:\Program Files\uusee\UUSeePlayer.exe (.not file.)  => Valeur supprimée avec succès
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe" [Enabled] .(.) -- C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe (.not file.)  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\ma-config.com\maconfservice.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\eMule\emule.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings\Antares\Bureau\eMule\emule.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\Messenger\msmsgs.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\World of Warcraft\Launcher.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\World of Warcraft\Launcher.patch.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\World of Warcraft\Blizzard Downloader.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings\Antares\Application Data\bot.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings\Antares\Local Settings\Application Data\Opera\Opera	emporary_downloads\FreeLiveCam.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings\perso\Application Data\bot.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\DOCUME~1\Antares\LOCALS~1\Temp\12976.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings\Antares\Application Data\FreeLiveCam.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\DOCUME~1\perso\LOCALS~1\Temp\50073.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings\perso\Application Data\FreeLiveCam.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\DOCUME~1\Antares\LOCALS~1\Temp\91712.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\DOCUME~1\Antares\LOCALS~1\Temp\3288.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\adslTV\adsltv.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\adslTV\VLC\vlc.exe  => Valeur supprimée avec succès
FirewallRaz : Aucune valeur présente dans la clé d'exception du registre

========== Dossier(s) ==========
Dossiers Flash Cookies supprimés : 29

========== Fichier(s) ==========
Fichiers Flash Cookies supprimés : 15


========== Récapitulatif ==========
12 : Clé(s) du Registre
26 : Valeur(s) du Registre
1 : Dossier(s)
1 : Fichier(s)


End of the scan

Utilisateur anonyme · Answer

1/
? Télécharge OTM (OldTimer) sur ton Bureau : 
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ 
? Double-clique sur OTM.exe afin de le lancer. 
? Copie (Ctrl+C) le texte suivant ci-dessous : 

:Reg 
HKCR\Interface\{21447c90-6ec1-4fc1-9379-bd515008aedb} 
HKCR\CLSID\{286e500c-ef0a-4aa3-a94d-e495f653ef4b} 
HKCR\CLSID\{319260ab-be0c-4025-8569-7a27ed2faab9}  
HKCR\Interface\{32c97a37-e2b8-4097-9330-5f3e1125e181}
HKCR\CLSID\{9809a6b4-70b1-4bb2-b3b5-b415763a534e} 
HKCR\Interface\{b0c3de1b-e3ff-4dd0-9229-f452cf9c678e}  
HKCR\TypeLib\{bce2e826-d0f5-41c8-97be-28a6f540ceeb}  
HKCR\Interface\{d2d94732-a74d-433c-98f7-9ed740e82ae9} 
HKCR\CLSID\{d5178f77-c5e6-4e8f-9787-48b5d7eccce8} 
HKCR\Interface\{dfd5d79b-ef2f-4a51-9821-5b469f05262e}  
:commands 
[emptytemp] 
[start explorer] 
[reboot] 

? Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved. 
? Clique maintenant sur le bouton MoveIt! puis ferme OTM 

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. 
Accepte en cliquant sur YES. 

? Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\ 

*Le nom du rapport correspond au moment de sa création : date_heure.log 

 
2/

Attention, avant de commencer, lit attentivement la procédure  

/!\ Ne pas utiliser ce logiciel en dehors du cadre de cette désinfection : DANGEUREUX /!\  

? Fais un clic droit sur ce lien, enregistre le dans ton bureau  

Voici Aide combofix  


? /!\ Déconnecte-toi du net et ARRÊTE TES LOGICIELS DE PROTECTION /!\  
  

? Double-clique sur ComboFix.exe (ou exécuter en tant qu'administrateur pour vista et seven)  

Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter  

? ? SURTOUT INSTALLES LA CONSOLE DE RECUPERATION  
(si il te propose de l'installer remets internet)  

? Mets-le en langue française F  

? Tape sur la touche 1 (Yes) pour démarrer le scan.  


? Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC  

?En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.  

? Une fois le scan achevé, un rapport va s'afficher : Poste son contenu  

? ? /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\  

? Note : Le rapport se trouve également là : C:\ComboFix.txt   

Membre, Contributeur 

H.F.  :  Fish66

karlo1988 · Answer

ComboFix 11-04-26.05 - Antares 27/04/2011  16:47:29.1.2 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.383.189 [GMT 2:00]
Lancé depuis: c:\documents and settings\Antares\Bureau\ComboFix.exe
AV: G Data AntiVirus 2011 *Disabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Antares\Application Data\facemoods.com
c:\program files\facemoods.com
c:\windows\struct~.ini
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2011-03-27 au 2011-04-27  ))))))))))))))))))))))))))))))))))))
.
.
2011-04-27 11:27 . 2011-04-27 11:27	--------	d-----w-	c:\windows\system32\wbem\Repository
2011-04-27 11:25 . 2011-04-27 11:25	--------	d-----w-	c:\program files\TVAnts
2011-04-27 11:25 . 2011-04-27 11:25	--------	d-----w-	c:\program files\JRE
2011-04-27 11:24 . 2011-04-27 11:24	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2011-04-27 11:24 . 2011-04-27 11:24	--------	d-----w-	c:\program files\Microsoft Sync Framework
2011-04-27 11:24 . 2011-04-27 11:24	--------	d-----w-	c:\program files\Microsoft
2011-04-27 11:24 . 2011-04-27 11:24	--------	d-----w-	c:\program files\Freemake
2011-04-27 11:24 . 2011-04-27 11:25	--------	d-----w-	c:\program files\Analog Devices
2011-04-27 00:46 . 2011-04-27 00:46	--------	d-----w-	c:\documents and settings\All Users\Application Data\DriverBoost
2011-04-27 00:45 . 2011-04-27 00:45	--------	d-----w-	c:\program files\DriverBoost
2011-04-27 00:26 . 2011-04-27 11:21	--------	d-----w-	c:\program files\ma-config.com
2011-04-27 00:26 . 2011-04-27 11:21	--------	d-----w-	c:\documents and settings\All Users\Application Data\ma-config.com
2011-04-26 23:23 . 2011-04-27 11:23	--------	d-----w-	c:\program files\Windows Media Connect 2
2011-04-26 23:19 . 2011-04-27 11:23	--------	d-----w-	c:\windows\system32\drivers\UMDF
2011-04-26 21:30 . 2010-04-16 21:12	48464	----a-w-	c:\windows\system32\sirenacm.dll
2011-04-26 20:47 . 2011-04-27 11:26	--------	d-----w-	C:\RECYCLER(2)
2011-04-20 16:34 . 2011-04-20 16:34	--------	d-----w-	c:\documents and settings\Antares\Application Data\Malwarebytes
2011-04-20 16:34 . 2010-11-29 15:42	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-20 16:34 . 2011-04-20 16:34	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-20 16:34 . 2010-11-29 15:42	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-20 16:34 . 2011-04-27 11:05	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-20 16:26 . 2011-04-27 11:26	--------	d-----w-	c:\program files\Ad-Remover
2011-04-20 14:07 . 2011-04-20 14:07	512	----a-w-	C:\PhysicalDisk0_MBR.bin
2011-04-20 14:02 . 2011-04-27 11:26	--------	d-----w-	c:\program files\ZHPDiag
2011-04-19 15:39 . 2011-04-19 15:39	--------	d-----w-	c:\documents and settings\Antares\Local Settings\Application Data\G DATA
2011-04-19 14:12 . 2011-04-19 14:12	68976	----a-w-	c:\windows\system32\drivers\GRD.sys
2011-04-19 12:40 . 2011-04-19 12:40	51784	----a-w-	c:\windows\system32\drivers\GDTdiIcpt.sys
2011-04-19 12:40 . 2011-04-19 12:40	38600	----a-w-	c:\windows\system32\drivers\HookCentre.sys
2011-04-19 12:40 . 2010-03-25 14:37	137288	----a-w-	c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\Components\avkwebfilterff.dll
2011-04-19 12:40 . 2011-04-19 12:40	61512	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2011-04-19 12:40 . 2011-04-19 12:40	33480	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2011-04-19 12:39 . 2011-04-27 12:45	--------	d-----w-	c:\documents and settings\All Users\Application Data\G DATA
2011-04-19 12:39 . 2011-04-19 12:39	--------	d-----w-	c:\program files\Fichiers communs\G Data
2011-04-19 12:39 . 2011-04-19 12:39	--------	d-----w-	c:\program files\G Data
2011-04-19 12:37 . 2011-04-19 12:37	--------	d-----w-	c:\documents and settings\Antares\Local Settings\Application Data\Downloaded Installations
2011-04-18 17:15 . 2011-04-18 17:16	--------	d-----w-	c:\program files\Fichiers communs\Adobe
2011-04-18 15:00 . 2011-04-18 15:00	--------	d-----w-	c:\documents and settings\Antares\Application Data\widestream
2011-04-18 14:58 . 2011-04-19 13:32	--------	d-----w-	c:\documents and settings\Antares\Local Settings\Application Data\widestream6 Air
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-28 14:31 . 2010-12-22 14:49	348160	----a-w-	c:\windows\system32\msvcr71.dll
2011-02-22 11:42 . 2008-04-14 12:00	385024	----a-w-	c:\windows\system32\html.iec
.
.
------- Sigcheck -------
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE	cpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\f96addb4e216f2399cbadef9606eabb2\sp3qfe	cpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\f96addb4e216f2399cbadef9606eabb2\sp3gdr	cpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache	cpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers	cpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$	cpip.sys
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France	bSoft.dll" [2010-10-18 3908192]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-13 138552]
"{a3d9f146-03da-4695-878c-81ef970f2f96}"= "c:\program files\SearchingBar\prxtbSear.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{a3d9f146-03da-4695-878c-81ef970f2f96}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
2010-10-18 11:26	3908192	----a-w-	c:\program files\Softonic_France	bSoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
c:\program files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll [BU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a3d9f146-03da-4695-878c-81ef970f2f96}]
2011-01-03 09:16	175400	----a-w-	c:\program files\SearchingBar\prxtbSear.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-06-13 16:25	1438520	----a-w-	c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France	bSoft.dll" [2010-10-18 3908192]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
"{a3d9f146-03da-4695-878c-81ef970f2f96}"= "c:\program files\SearchingBar\prxtbSear.dll" [2011-01-03 175400]
"{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}"= "c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{a3d9f146-03da-4695-878c-81ef970f2f96}]
.
[HKEY_CLASSES_ROOT\clsid\{db4e9724-f518-4dfd-9c7c-78b52103cab9}]
[HKEY_CLASSES_ROOT\facemoods.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\facemoods.dskBnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}"= "c:\program files\Softonic_France	bSoft.dll" [2010-10-18 3908192]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
"{A3D9F146-03DA-4695-878C-81EF970F2F96}"= "c:\program files\SearchingBar\prxtbSear.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{a3d9f146-03da-4695-878c-81ef970f2f96}]
.
c:\documents and settings\Antares\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"=
"c:\Program Files\eMule\emule.exe"=
"c:\Documents and Settings\Antares\Bureau\eMule\emule.exe"=
"c:\Program Files\Opera\opera.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"c:\Program Files\World of Warcraft\Launcher.exe"=
"c:\Program Files\World of Warcraft\Launcher.patch.exe"=
"c:\Program Files\World of Warcraft\Blizzard Downloader.exe"=
"c:\Documents and Settings\Antares\Bureau\multimedia\logiciel\flv_player_setup.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"=
"c:\Documents and Settings\Antares\Bureau\multimedia\eMule\emule.exe"=
"c:\Documents and Settings\Antares\Application Data\bot.exe"=
"c:\Documents and Settings\Antares\Local Settings\Application Data\Opera\Opera\temporary_downloads\FreeLiveCam.exe"=
"c:\Documents and Settings\perso\Application Data\bot.exe"=
"c:\DOCUME~1\Antares\LOCALS~1\Temp\12976.exe"=
"c:\Documents and Settings\Antares\Application Data\FreeLiveCam.exe"=
"c:\DOCUME~1\perso\LOCALS~1\Temp\50073.exe"=
"c:\Documents and Settings\perso\Application Data\FreeLiveCam.exe"=
"c:\Documents and Settings\perso\Application Data\WinDefender.exe"=
"c:\DOCUME~1\perso\LOCALS~1\Temp\91712.exe"=
"c:\Documents and Settings\Antares\Application Data\WinDefender.exe"=
"c:\DOCUME~1\Antares\LOCALS~1\Temp\91712.exe"=
"c:\DOCUME~1\perso\LOCALS~1\Temp\3288.exe"=
"c:\DOCUME~1\Antares\LOCALS~1\Temp\3288.exe"=
"c:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"=
"c:\Program Files\uusee\UUSeePlayer.exe"=
"c:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe"=
"c:\Program Files\TVUPlayer\TVUPlayer.exe"=
"c:\Program Files\adslTV\adsltv.exe"=
"c:\Program Files\adslTV\VLC\vlc.exe"=
"c:\Riot Games\League of Legends\air\LolClient.exe"=
"c:\Riot Games\League of Legends\game\League of Legends.exe"=
"c:\Documents and Settings\Antares\Mes documents\Downloads\ibario_fmds.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"15751:TCP"= 15751:TCP:NortonAV
"18263:TCP"= 18263:TCP:NortonAV
"17865:TCP"= 17865:TCP:NortonAV
.
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [19/04/2011 14:40 33480]
R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [19/04/2011 14:40 61512]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [19/04/2011 16:12 68976]
R2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Fichiers communs\G Data\AVKProxy\AVKProxy.exe [16/04/2010 13:10 1070664]
R2 AVKService;Planificateur G Data;c:\program files\G Data\AntiVirus\AVK\AVKService.exe [16/04/2010 13:10 410696]
R2 AVKWCtl;G Data Gardien;c:\program files\G Data\AntiVirus\AVK\AVKWCtl.exe [15/03/2010 11:24 1279816]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [19/04/2011 14:40 51784]
R3 GDScan;G Data Scanner;c:\program files\Fichiers communs\G Data\GDScan\GDScan.exe [22/04/2010 13:59 339016]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [19/04/2011 14:40 38600]
S2 Application Updater;Application Updater;"c:\program files\Application Updater\ApplicationUpdater.exe" --> c:\program files\Application Updater\ApplicationUpdater.exe [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
.
.
------- Examen supplémentaire -------
.
mSearchAssistant = hxxp://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4
IE: ????3?? - c:\documents and settings\Antares\Application Data\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Antares\Application Data\FlashGetBHO\GetAllUrl.htm
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe
FF - ProfilePath - c:\documents and settings\Antares\Application Data\Mozilla\Firefox\Profiles\i4ka76pl.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{1a6dc111-b030-4c3e-be65-299284128b91} - c:\program files\Widestream6\spointer\extensions\widestream6_air_ie.dll
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
HKLM_ActiveSetup-{4CCE6F49-FEA2-ABA5-AEDC-EE5FAAB5C9DA} - c:\documents and settings\Antares\Application Data\bot.exe
HKLM_ActiveSetup-{BECCDDFE-C5FE-1CE5-DD3C-B705CDCD8B2B} - c:\documents and settings\perso\Application Data\FreeLiveCam.exe
HKLM_ActiveSetup-{F1C3BADA-F502-FCF4-DC21-AFF87DD7AB6D} - c:\documents and settings\Antares\Application Data\WinDefender.exe
HKLM_ActiveSetup-{FAC9BFFD-E3B1-ABBB-DD0B-BC3BC2F617E8} - c:\documents and settings\Antares\Application Data\WinDefender.exe
HKCU_ActiveSetup-{4CCE6F49-FEA2-ABA5-AEDC-EE5FAAB5C9DA} - c:\documents and settings\Antares\Application Data\bot.exe
HKCU_ActiveSetup-{BECCDDFE-C5FE-1CE5-DD3C-B705CDCD8B2B} - c:\documents and settings\Antares\Application Data\FreeLiveCam.exe
HKCU_ActiveSetup-{F1C3BADA-F502-FCF4-DC21-AFF87DD7AB6D} - c:\documents and settings\Antares\Application Data\WinDefender.exe
HKCU_ActiveSetup-{FAC9BFFD-E3B1-ABBB-DD0B-BC3BC2F617E8} - c:\documents and settings\Antares\Application Data\WinDefender.exe
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.3\uninstall.exe
AddRemove-OfferBox - c:\program files\OfferBox\uninst.exe
AddRemove-OfferBox Browser - c:\program files\OfferBox\uninst.exe
AddRemove-Radio_Fr - c:\program files\Radio Fr Solo\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-27 17:01
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ... 
.
Recherche d'éléments en démarrage automatique cachés ... 
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background? 
.
Recherche de fichiers cachés ... 
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ADIHdAudAddService]
"ImagePath"="system32\drivers\ADIHdAud.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AEAudioService]
"ImagePath"="system32\drivers\AEAudio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Application Updater]
"ImagePath"="\"c:\program files\Application Updater\ApplicationUpdater.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVKProxy]
"ImagePath"="\"c:\program files\Fichiers communs\G Data\AVKProxy\AVKProxy.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVKService]
"ImagePath"="c:\program files\G Data\AntiVirus\AVK\AVKService.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVKWCtl]
"ImagePath"="c:\program files\G Data\AntiVirus\AVK\AVKWCtl.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\docume~1\Antares\LOCALS~1\Temp\catchme.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32pcss.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\esgiguard]
"ImagePath"="\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\DRIVERS\fltMgr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ForcewareWebInterface]
"ImagePath"="\"c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe\" -k runservice"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GDBehave]
"ImagePath"="system32\drivers\GDBehave.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GDMnIcpt]
"ImagePath"="\??\c:\windows\system32\drivers\MiniIcpt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GDScan]
"ImagePath"="\"c:\program files\Fichiers communs\G Data\GDScan\GDScan.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GDTdiInterceptor]
"ImagePath"="\??\c:\windows\system32\drivers\GDTdiIcpt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GRD]
"ImagePath"="\??\c:\windows\system32\drivers\GRD.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HookCentre]
"ImagePath"="\??\c:\windows\system32\drivers\HookCentre.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\DRIVERS\Ip6Fw.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"c:\program files\Java\jre6\bin\jqs.exe\" -service -config \"c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services
apagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS
distapi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS
disuio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS
diswan.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS
etbios.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS
etbt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32
etdde.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32
etdde.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32
etman.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services
SvcIp]
"ImagePath"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin
SvcIp.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services
SvcLog]
"ImagePath"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin
SvcLog.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32
tmssvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services
v]
"ImagePath"="system32\DRIVERS
v4_mini.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVENETFD]
"ImagePath"="system32\DRIVERS\NVENETFD.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services
vnetbus]
"ImagePath"="system32\DRIVERS
vnetbus.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32
vsvc32.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS
wlnkflt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS
wlnkfwd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERSaspptp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERSasacd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32asauto.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERSasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32asmans.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERSaspppoe.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERSaspti.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERSdbss.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Servicesedbook]
"ImagePath"="system32\DRIVERSedbook.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32pcss.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32svp.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Servicestl8139]
"ImagePath"="system32\DRIVERS\RTL8139.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SeaPort]
"ImagePath"="\"c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SenFiltService]
"ImagePath"="system32\drivers\Senfilt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{37A0B2F2-1D58-49D6-B08C-292565465A6E}"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32	apisrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS	cpip.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS	ermdd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32	ermsrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32	rkwks.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbstor]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll"

Utilisateur anonyme · Answer

Salut, 

Il manque Rapport OTM : 1/ clique ici 

Membre, Contributeur 

H.F.  :  Fish66

karlo1988 · Answer

salut marmars le rapport otm fait planter mon pc jai esssayer 2 fois de suite et sa plante ........... une autre solutioin ??

Utilisateur anonyme · Answer

Salut   
* Petite intrusion !!


Le script OTM de Marmar66 n 'est pas bon    

essayes   

* Double clic "OTMoveIt3.exe"   
* Utilisateurs Windows Vista / 7 Clic droit sur "OTMoveIt3.exe" choisis "exécuter en tant qu'administrateur" afin de le lancer.   

- Copie (Ctrl+C) le texte suivant en gras ci-dessous :    


:Reg   

[-HKEY_CLASSES_ROOT\CLSID\{286e500c-ef0a-4aa3-a94d-e495f653ef4b}]   
[-HKEY_CLASSES_ROOT\CLSID\{319260ab-be0c-4025-8569-7a27ed2faab9}]   
[-HKEY_CLASSES_ROOT\CLSID\{9809a6b4-70b1-4bb2-b3b5-b415763a534e}]   
[-HKEY_CLASSES_ROOT\Interface\{32c97a37-e2b8-4097-9330-5f3e1125e181}]   
[-HKEY_CLASSES_ROOT\Interface\{b0c3de1b-e3ff-4dd0-9229-f452cf9c678e}]   
[-HKEY_CLASSES_ROOT\TypeLib\{bce2e826-d0f5-41c8-97be-28a6f540ceeb}]   
[-HKEY_CLASSES_ROOT\Interface\{d2d94732-a74d-433c-98f7-9ed740e82ae9}]   
[-HKEY_CLASSES_ROOT\CLSID\{d5178f77-c5e6-4e8f-9787-48b5d7eccce8}]   


:commands   
[emptytemp]   
[Reboot]    
  

- Colle (Ctrl+V) le texte précédemment copié dans le cadre: Paste Instructions for Items to be Moved.   
- Clique maintenant sur le bouton MoveIt!   
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.   
Accepte en cliquant sur YES.   
- Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\   
Le nom du rapport correspond au moment de sa création : date_heure.log   

bonne continuation >> Marmar66
               
                   
      Contributeur sécurité CCM

karlo1988 · Answer

All processes killed
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\CLSID\{286e500c-ef0a-4aa3-a94d-e495f653ef4b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{286e500c-ef0a-4aa3-a94d-e495f653ef4b}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{319260ab-be0c-4025-8569-7a27ed2faab9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{319260ab-be0c-4025-8569-7a27ed2faab9}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{9809a6b4-70b1-4bb2-b3b5-b415763a534e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9809a6b4-70b1-4bb2-b3b5-b415763a534e}\ not found.
Registry key HKEY_CLASSES_ROOT\Interface\{32c97a37-e2b8-4097-9330-5f3e1125e181}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32c97a37-e2b8-4097-9330-5f3e1125e181}\ not found.
Registry key HKEY_CLASSES_ROOT\Interface\{b0c3de1b-e3ff-4dd0-9229-f452cf9c678e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0c3de1b-e3ff-4dd0-9229-f452cf9c678e}\ not found.
Registry key HKEY_CLASSES_ROOT\TypeLib\{bce2e826-d0f5-41c8-97be-28a6f540ceeb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bce2e826-d0f5-41c8-97be-28a6f540ceeb}\ not found.
Registry key HKEY_CLASSES_ROOT\Interface\{d2d94732-a74d-433c-98f7-9ed740e82ae9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2d94732-a74d-433c-98f7-9ed740e82ae9}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{d5178f77-c5e6-4e8f-9787-48b5d7eccce8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5178f77-c5e6-4e8f-9787-48b5d7eccce8}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Antares
->Temp folder emptied: 3663 bytes
->Temporary Internet Files folder emptied: 33264 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3682704 bytes
->Opera cache emptied: 16936932 bytes
->Flash cache emptied: 62166 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes
 
User: Documents and Settings
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: perso
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 14493769 bytes
->Flash cache emptied: 1085 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3442202 bytes
%systemroot%\System32 .tmp files removed: 2833408 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 40,00 mb
 
 
OTM by OldTimer - Version 3.1.17.2 log created on 04272011_190441

Files moved on Reboot...

Registry entries deleted on Reboot...

Utilisateur anonyme · Answer

Merci beaucoup VIRUS-CC

Désolé pour le script ! 

Comment va ton PC ? 
Membre, Contributeur 

H.F.  :  Fish66

karlo1988 · Answer

deja beaucoup mieux il ne rame plus .. juste un peu au demarrage

Utilisateur anonyme · Answer

Re

Pas de souçis


juste repassant à nouveau sur le sujet >>  ceci j'avais zappé 2 lignes 


*Relances OTM


* Double clic "OTMoveIt3.exe"    
* Utilisateurs Windows Vista / 7 Clic droit sur "OTMoveIt3.exe" choisis "exécuter en tant qu'administrateur" afin de le lancer.    

- Copie (Ctrl+C) le texte suivant en gras ci-dessous :     


:Reg    

[-HKEY_CLASSES_ROOT\Interface\{21447c90-6ec1-4fc1-9379-bd515008aedb}]
[-HKEY_CLASSES_ROOT\Interface\{dfd5d79b-ef2f-4a51-9821-5b469f05262e}]

:commands    
[emptytemp]    
[Reboot]     
   

- Colle (Ctrl+V) le texte précédemment copié dans le cadre: Paste Instructions for Items to be Moved.    
- Clique maintenant sur le bouton MoveIt!    
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.    
Accepte en cliquant sur YES.    
- Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\    
Le nom du rapport correspond au moment de sa création : date_heure.log 




Bonne continuation  à vous

            
                
      Contributeur sécurité CCM

Utilisateur anonyme · Answer

Re,

stp prépare un nouveau rapport, pour cela:

*Lance ZHPDiag depuis ton bureau, clique sur l'onglet vert juste en haut à droite (Flèche) pour faire la mise à jour.
* Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
* Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
* Héberge le rapport ZHPDiag.txt sur un des sites ci dessous, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum :
http://pjjoint.malekal.com/

Si indisponible:
http://www.cijoint.fr/

karlo1988 · Answer

https://pjjoint.malekal.com/files.php?id=k9x6i6n13y5j5w8w15c5         voici merci de ta patience marmar  ^^

Utilisateur anonyme · Answer

Re,

Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C ) 

[MD5.A64DA4EF938434F19142F964296347BF] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe   [111928] 
O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe     
O4 - HKLM\..\Run: [UUSeeMediaCenter] C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe (.not file.)     
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe (.not file.)     
O4 - Global Startup: C:\Documents And Settings\Antares\Menu Démarrer\Programmes\Navigateur OfferBox.lnk . (...)  -- C:\Program Files\OfferBox\OfferBoxLauncher.exe (.not file.)     
O42 - Logiciel: Widestream6 - (.Secure Digital Services.) [HKLM] -- {835525BE-63BD-4EC4-9425-00CEAD4849C2}     
O42 - Logiciel: pdfforge Toolbar v4.3 - (.Spigot, Inc..) [HKLM] -- {A0B139A7-E8D5-49E8-A7BF-12421E652208}     
[HKCU\Software\AppDataLow\Software\Search Settings]     
[HKLM\Software\Application Updater]     
[HKLM\Software\Search Settings]     
[HKLM\Software\pdfforge] 
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] 
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37F4A335-D085-423e-A425-0370799166FB}] 
[HKCR\Interface\{453db0c5-f41c-4d97-8dd6-cc72ecd5f699}] 
[HKLM\Software\Classes\Interface\{453db0c5-f41c-4d97-8dd6-cc72ecd5f699}] 
[HKCR\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}] 
[HKLM\Software\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}] 
[HKCR\Interface\{6511ce4c-4722-40d0-ad3d-4afa2f50978a}] 
[HKLM\Software\Classes\Interface\{6511ce4c-4722-40d0-ad3d-4afa2f50978a}] 
[HKCR\Interface\{6612afdd-34ad-4b89-a236-7e6d07c3fdcd}]     
[HKLM\Software\Classes\Interface\{6612afdd-34ad-4b89-a236-7e6d07c3fdcd}]     
[HKCR\CLSID\{82ac53b4-164c-4b07-a016-437a8388b81a}]     
[HKLM\Software\Classes\CLSID\{82ac53b4-164c-4b07-a016-437a8388b81a}]     
[HKCR\Interface\{83b2fe06-ba20-4f7d-96c6-6fc3a4e877d3}] 
[HKLM\Software\Classes\Interface\{83b2fe06-ba20-4f7d-96c6-6fc3a4e877d3}] 
[HKCR\Interface\{9bec9b38-bf39-4899-806e-a1c5dfeb60a2}] 
[HKLM\Software\Classes\Interface\{9bec9b38-bf39-4899-806e-a1c5dfeb60a2}] 
[HKCR\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0}] 
[HKLM\Software\Classes\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0}] 
[HKCR\Interface\{b32966a2-f7c2-4362-a6cf-399ec8b44110}] 
[HKLM\Software\Classes\Interface\{b32966a2-f7c2-4362-a6cf-399ec8b44110}] 
[HKCR\Interface\{b86d82bf-d39f-439a-a07c-43eddc6f6ea6}] 
[HKLM\Software\Classes\Interface\{b86d82bf-d39f-439a-a07c-43eddc6f6ea6}] 
[HKCR\Interface\{da6305b9-0869-4235-8c1d-533a65e639e5}] 
[HKLM\Software\Classes\Interface\{da6305b9-0869-4235-8c1d-533a65e639e5}] 
[HKCR\Interface\{e6961c59-cfce-4ccd-b794-bc78db98413a}] 
[HKLM\Software\Classes\Interface\{e6961c59-cfce-4ccd-b794-bc78db98413a}] 
[HKCR\Interface\{f8b4ec8a-2407-4be0-aee2-0f430d65a90d}] 
[HKLM\Software\Classes\Interface\{f8b4ec8a-2407-4be0-aee2-0f430d65a90d}] 
[HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom] 
[HKLM\Software\Classes\Installer\Products\7A931B0A5D8E8E947AFB2124E1562280] 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7A931B0A5D8E8E947AFB2124E1562280] 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\CrazyLoader] 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ShopperReports] 

    
O47 - AAKE:Key Export SP - "C:\Documents and Settings\perso\Application Data\WinDefender.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\perso\Application Data\WinDefender.exe (.not file.)     
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Antares\Application Data\WinDefender.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\Antares\Application Data\WinDefender.exe (.not file.)     
O47 - AAKE:Key Export SP - "C:\Program Files\uusee\UUSeePlayer.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\uusee\UUSeePlayer.exe (.not file.)     
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe (.not file.)     
O64 - Services: CurCS - C:\Program Files\Application Updater\ApplicationUpdater.exe (.not file.) - Application Updater (Application Updater)  .(...) - LEGACY_APPLICATION_UPDATER     


FirewallRAZ
EmptyTemp
EmptyFlash



Puis Lance ZHPFix depuis le raccourci du bureau . 

* Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) . 

* Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent . 

Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre. 

Clique sur le bouton  GO 

Copie/Colle le rapport à l'écran dans ton prochain message.

karlo1988 · Answer

========== Clé(s) du Registre ==========
O42 - Logiciel: Widestream6 - (.Secure Digital Services.) [HKLM] -- {835525BE-63BD-4EC4-9425-00CEAD4849C2}  => Clé supprimée avec succès
O42 - Logiciel: pdfforge Toolbar v4.3 - (.Spigot, Inc..) [HKLM] -- {A0B139A7-E8D5-49E8-A7BF-12421E652208}  => Clé supprimée avec succès
HKCU\Software\AppDataLow\Software\Search Settings  => Clé supprimée avec succès
HKLM\Software\Application Updater  => Clé non supprimée
HKLM\Software\Search Settings  => Clé supprimée avec succès
HKLM\Software\pdfforge  => Clé supprimée avec succès
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}  => Clé supprimée avec succès
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37F4A335-D085-423e-A425-0370799166FB}  => Clé supprimée avec succès
HKCR\Interface\{453db0c5-f41c-4d97-8dd6-cc72ecd5f699}  => Clé non supprimée
HKLM\Software\Classes\Interface\{453db0c5-f41c-4d97-8dd6-cc72ecd5f699}  => Clé non supprimée
HKCR\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}  => Clé non supprimée
HKLM\Software\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}  => Clé non supprimée
HKCR\Interface\{6511ce4c-4722-40d0-ad3d-4afa2f50978a}  => Clé non supprimée
HKLM\Software\Classes\Interface\{6511ce4c-4722-40d0-ad3d-4afa2f50978a}  => Clé non supprimée
HKCR\Interface\{6612afdd-34ad-4b89-a236-7e6d07c3fdcd}  => Clé non supprimée
HKLM\Software\Classes\Interface\{6612afdd-34ad-4b89-a236-7e6d07c3fdcd}  => Clé non supprimée
HKCR\CLSID\{82ac53b4-164c-4b07-a016-437a8388b81a}  => Clé non supprimée
HKLM\Software\Classes\CLSID\{82ac53b4-164c-4b07-a016-437a8388b81a}  => Clé non supprimée
HKCR\Interface\{83b2fe06-ba20-4f7d-96c6-6fc3a4e877d3}  => Clé non supprimée
HKLM\Software\Classes\Interface\{83b2fe06-ba20-4f7d-96c6-6fc3a4e877d3}  => Clé non supprimée
HKCR\Interface\{9bec9b38-bf39-4899-806e-a1c5dfeb60a2}  => Clé non supprimée
HKLM\Software\Classes\Interface\{9bec9b38-bf39-4899-806e-a1c5dfeb60a2}  => Clé non supprimée
HKCR\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0}  => Clé non supprimée
HKLM\Software\Classes\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0}  => Clé non supprimée
HKCR\Interface\{b32966a2-f7c2-4362-a6cf-399ec8b44110}  => Clé non supprimée
HKLM\Software\Classes\Interface\{b32966a2-f7c2-4362-a6cf-399ec8b44110}  => Clé non supprimée
HKCR\Interface\{b86d82bf-d39f-439a-a07c-43eddc6f6ea6}  => Clé non supprimée
HKLM\Software\Classes\Interface\{b86d82bf-d39f-439a-a07c-43eddc6f6ea6}  => Clé non supprimée
HKCR\Interface\{da6305b9-0869-4235-8c1d-533a65e639e5}  => Clé non supprimée
HKLM\Software\Classes\Interface\{da6305b9-0869-4235-8c1d-533a65e639e5}  => Clé non supprimée
HKCR\Interface\{e6961c59-cfce-4ccd-b794-bc78db98413a}  => Clé non supprimée
HKLM\Software\Classes\Interface\{e6961c59-cfce-4ccd-b794-bc78db98413a}  => Clé non supprimée
HKCR\Interface\{f8b4ec8a-2407-4be0-aee2-0f430d65a90d}  => Clé non supprimée
HKLM\Software\Classes\Interface\{f8b4ec8a-2407-4be0-aee2-0f430d65a90d}  => Clé non supprimée
HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom  => Clé supprimée avec succès
HKLM\Software\Classes\Installer\Products\7A931B0A5D8E8E947AFB2124E1562280  => Clé non supprimée
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7A931B0A5D8E8E947AFB2124E1562280  => Clé non supprimée
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\CrazyLoader  => Clé supprimée avec succès
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ShopperReports  => Clé supprimée avec succès
O64 - Services: CurCS - C:\Program Files\Application Updater\ApplicationUpdater.exe (.not file.) - Application Updater (Application Updater) .(...) - LEGACY_APPLICATION_UPDATER  => Clé supprimée avec succès

========== Valeur(s) du Registre ==========
O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe  => Valeur supprimée avec succès
O4 - HKLM\..\Run: [UUSeeMediaCenter] C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe (.not file.)  => Valeur supprimée avec succès
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe (.not file.)  => Valeur supprimée avec succès
O47 - AAKE:Key Export SP - "C:\Documents and Settings\perso\Application Data\WinDefender.exe" [Enabled] .(.) -- C:\Documents and Settings\perso\Application Data\WinDefender.exe (.not file.)  => Valeur supprimée avec succès
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Antares\Application Data\WinDefender.exe" [Enabled] .(.) -- C:\Documents and Settings\Antares\Application Data\WinDefender.exe (.not file.)  => Valeur supprimée avec succès
O47 - AAKE:Key Export SP - "C:\Program Files\uusee\UUSeePlayer.exe" [Enabled] .(.) -- C:\Program Files\uusee\UUSeePlayer.exe (.not file.)  => Valeur supprimée avec succès
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe" [Enabled] .(.) -- C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe (.not file.)  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\ma-config.com\maconfservice.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\eMule\emule.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings\Antares\Bureau\eMule\emule.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\Messenger\msmsgs.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\World of Warcraft\Launcher.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\World of Warcraft\Launcher.patch.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\World of Warcraft\Blizzard Downloader.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings\Antares\Application Data\bot.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings\Antares\Local Settings\Application Data\Opera\Opera	emporary_downloads\FreeLiveCam.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings\perso\Application Data\bot.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\DOCUME~1\Antares\LOCALS~1\Temp\12976.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings\Antares\Application Data\FreeLiveCam.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\DOCUME~1\perso\LOCALS~1\Temp\50073.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings\perso\Application Data\FreeLiveCam.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\DOCUME~1\perso\LOCALS~1\Temp\91712.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\DOCUME~1\Antares\LOCALS~1\Temp\91712.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\DOCUME~1\perso\LOCALS~1\Temp\3288.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\DOCUME~1\Antares\LOCALS~1\Temp\3288.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\TVUPlayer\TVUPlayer.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\adslTV\adsltv.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\adslTV\VLC\vlc.exe  => Valeur supprimée avec succès
FirewallRaz : Aucune valeur présente dans la clé d'exception du registre

========== Dossier(s) ==========
Dossiers Flash Cookies supprimés : 1

========== Fichier(s) ==========
Fichiers Flash Cookies supprimés : 0


========== Récapitulatif ==========
40 : Clé(s) du Registre
30 : Valeur(s) du Registre
1 : Dossier(s)
1 : Fichier(s)


End of the scan

Utilisateur anonyme · Answer

Bonjour,  

Comme si ton PC est réinfecté de nouveau!  

On doit patienter et vérifier!  

1/   


/!\ Ferme toutes applications en cours /!\    

- Double-clique sur l'icône Ad-remover située sur ton Bureau.    
- Sur la page, clique sur le bouton « chercher »    
- Confirme lancement du scan    
- Laisse travailler l'outil.    
- Poste le rapport qui apparaît à la fin.    

(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)    

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour c   


@+   




Membre, Contributeur  

H.F.  :  Fish66

karlo1988 · Answer

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [3]) -> Lancé à 14:10:40 le 28/04/2011, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86) 
Antares@DAMAT-3A7C003D9 ( ) 
 
============== RECHERCHE ==============

Service: "Application Updater" Présent 


Clé trouvée: HKLM\Software\Classes\CLSID\{02F9D041-EECA-46B1-8A21-BAFD9146ACC1}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02F9D041-EECA-46B1-8A21-BAFD9146ACC1}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F9D041-EECA-46B1-8A21-BAFD9146ACC1}
Clé trouvée: HKLM\Software\Classes\CLSID\{0B25FF79-796A-4C2E-B09B-7921065D8EF8}
Clé trouvée: HKLM\Software\Classes\Interface\{0B25FF79-796A-4C2E-B09B-7921065D8EF8}
Clé trouvée: HKLM\Software\Classes\CLSID\{1EB45B75-E889-42BE-B0C9-C8E0EE687052}
Clé trouvée: HKLM\Software\Classes\Interface\{1EB45B75-E889-42BE-B0C9-C8E0EE687052}
Clé trouvée: HKLM\Software\Classes\CLSID\{606d89e9-c72a-4e4d-8d3a-142b2a74ff1b}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{606d89e9-c72a-4e4d-8d3a-142b2a74ff1b}
Clé trouvée: HKLM\Software\Classes\CLSID\{60d7e8fc-8849-46e8-b352-5abbae0c48b4}
Clé trouvée: HKLM\Software\Classes\CLSID\{9b218861-1cad-41e9-8105-1291a91ca488}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9b218861-1cad-41e9-8105-1291a91ca488}
Clé trouvée: HKLM\Software\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}
Clé trouvée: HKLM\Software\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}
Clé trouvée: HKLM\Software\Classes\Interface\{54ADB4A4-6C88-4710-A227-820961B9981E}
Clé trouvée: HKLM\Software\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}
Clé trouvée: HKLM\Software\Classes\Interface\{6612AFDD-34AD-4B89-A236-7E6D07C3FDCD}
Clé trouvée: HKLM\Software\Classes\Interface\{83B2FE06-BA20-4F7D-96C6-6FC3A4E877D3}
Clé trouvée: HKLM\Software\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Clé trouvée: HKLM\Software\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2}
Clé trouvée: HKLM\Software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
Clé trouvée: HKLM\Software\Classes\Interface\{B32966A2-F7C2-4362-A6CF-399EC8B44110}
Clé trouvée: HKLM\Software\Classes\Interface\{B690A281-F7D4-4E0F-BA02-A12ADD86277B}
Clé trouvée: HKLM\Software\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}
Clé trouvée: HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Clé trouvée: HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Clé trouvée: HKLM\Software\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}
Clé trouvée: HKLM\Software\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A}
Clé trouvée: HKLM\Software\Classes\Interface\{F42A2432-287D-4161-8C94-99C06BEE7A81}
Clé trouvée: HKLM\Software\Classes\Interface\{F44202AE-BE61-41C8-AFEA-5E494EC7595B}
Clé trouvée: HKLM\Software\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D}
Clé trouvée: HKLM\Software\Classes\TypeLib\{25B7FAD8-85B3-40A4-BBB8-22DBB95831E1}
Clé trouvée: HKLM\Software\Classes\TypeLib\{4FD0EE11-D5B1-41B1-A3BD-F537539804EE}
Clé trouvée: HKLM\Software\Classes\TypeLib\{5D82D8DD-B839-47C1-B8E0-AD754F949BB6}
Clé trouvée: HKLM\Software\Classes\Conduit.Engine
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2542115
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2899468
Clé trouvée: HKLM\Software\Application Updater
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKLM\Software\conduitEngine
Clé trouvée: HKCU\Software\Conduit
Clé trouvée: HKCU\Software\conduitEngine
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ClickPotato
Clé trouvée: HKLM\Software\Classes\Installer\Products\7A931B0A5D8E8E947AFB2124E1562280
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\7A931B0A5D8E8E947AFB2124E1562280
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a61376ff-292a-4591-a6b5-d90771424583}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4D18F23-40FB-4A8C-B236-3D89DCC0BE6B}

Valeur trouvée: HKLM\Software\Mozilla\Firefox\Extensions|offerboxffx@offerbox.com
Valeur trouvée: HKLM\Software\Mozilla\Firefox\Extensions|widestream6@spointer.com


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.16 (fr)] ****

HKLM_MozillaPlugins\@pages.tvunetworks.com/WebPlayer (x)
HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
Searchplugins\fcmdSrchppcb.xml (hxxp://start.facemoods.com/?a=ppcb&f=4&q={searchTerms}/)
Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} (G Data Filtre Internet)
HKLM_Extensions|offerboxffx@offerbox.com - C:\Program Files\OfferBox\offerboxffx@offerbox.com (x)
HKLM_Extensions|widestream6@spointer.com - C:\Program Files\Widestream6\spointer\extensions\widestream6@spointer.com (x)

-- C:\Documents and Settings\Antares\Application Data\Mozilla\FireFox\Profiles\i4ka76pl.default --

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://home.sweetim.com
AboutUrls|Tabs - hxxp://start.facemoods.com/?a=ppcb&f=2
HKCU_URLSearchHooks|{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France	bSoft.dll)
HKCU_URLSearchHooks|{EEE6C35D-6118-11DC-9C72-001320C79847} - "SweetIM ToolbarURLSearchHook Class" (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll)
HKCU_URLSearchHooks|{a3d9f146-03da-4695-878c-81ef970f2f96} - "SearchingBar Toolbar" (C:\Program Files\SearchingBar\prxtbSear.dll)
HKCU_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "Search" (hxxp://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4)
HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "SearchingBar Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
HKCU_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKLM_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "?" (hxxp://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4&hl={language}&src=chrm)
HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKCU_Toolbar\WebBrowser|{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} (C:\Program Files\Softonic_France	bSoft.dll)
HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKCU_Toolbar\WebBrowser|{A3D9F146-03DA-4695-878C-81EF970F2F96} (C:\Program Files\SearchingBar\prxtbSear.dll)
HKLM_Toolbar|{4daac69c-cba7-45e2-9bc8-1044483d3352} (C:\Program Files\Softonic_France	bSoft.dll)
HKLM_Toolbar|{98889811-442D-49dd-99D7-DC866BE87DBC} (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll)
HKLM_Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKLM_Toolbar|{a3d9f146-03da-4695-878c-81ef970f2f96} (C:\Program Files\SearchingBar\prxtbSear.dll)
HKLM_Toolbar|{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} (C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll) (x)
HKLM_Toolbar|{0124123D-61B4-456f-AF86-78C53A0790C5} (C:\Program Files\G Data\AntiVirus\WebFilter\AvkWebIE.dll)
HKLM_ElevationPolicy\${ELV_GUID} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe (Babylon Ltd.)
HKLM_ElevationPolicy\{7CA58D56-0AB4-43E1-AF96-467F5ED4F7A8} - C:\Program Files\SearchingBar\SearchingBarToolbarHelper.exe (?)
HKLM_ElevationPolicy\{980AC032-D573-46BF-BF07-60979B7786DD} - C:\Documents and Settings\Antares\Local Settings\Application Data\Conduit\CT2899468\SearchingBarAutoUpdateHelper.exe (x)
HKLM_ElevationPolicy\{a61376ff-292a-4591-a6b5-d90771424583} - C:\Program Files\Widestream6\spointer\widestream6_air.exe (x)
HKLM_ElevationPolicy\{C4D18F23-40FB-4A8C-B236-3D89DCC0BE6B} - C:\Program Files\ConduitEngine\ConduitEngineHelper.exe (x)
HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (SweetIM Technologies Ltd.)
HKLM_ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (x)
HKLM_Extensions\{90EAE591-7E7E-434a-8E28-ECFD00071806} - "PokerStars.fr" (C:\Program Files\PokerStars.FR\main.ico)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)
BHO\{2EECD738-5844-4a99-B4B6-146BF802613B} - "CescrtHlpr Object" (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll)
BHO\{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France	bSoft.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{64182481-4F71-486b-A045-B233BD0DA8FC} - "CescrtHlpr Object" (C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll) (x)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll)
BHO\{a3d9f146-03da-4695-878c-81ef970f2f96} - "SearchingBar Toolbar" (C:\Program Files\SearchingBar\prxtbSear.dll)
BHO\{EEE6C35C-6118-11DC-9C72-001320C79847} - "SweetIM Toolbar Helper" (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 1 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 20/04/2011 22:02:37 (6470 Octet(s)) 
C:\Ad-Report-CLEAN[2].txt - 20/04/2011 22:13:28 (6923 Octet(s)) 
C:\Ad-Report-CLEAN[3].txt - 20/04/2011 22:23:17 (6602 Octet(s)) 
C:\Ad-Report-SCAN[3].txt - 28/04/2011 14:12:24 (10407 Octet(s)) 

Fin à: 14:13:09, 28/04/2011 
 
============== E.O.F ==============

Utilisateur anonyme · Answer

Re, 

Ton PC est encore tombé malade   :) 

Bon, il va guérir  lol   :p 

1/     


/!\ Ferme toutes applications en cours /!\      

- Double-clique sur l'icône Ad-remover située sur ton Bureau.      
- Sur la page, clique sur le bouton « Nettoyer »      
- Confirme lancement du scan      
- Laisse travailler l'outil.      
- Poste le rapport qui apparaît à la fin.      

(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)      

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour c     

2/  

*Télécharges Malwarebytes' (mbam)   

ICI >> Malwarebytes' (mbam)   

* installes + mise a jour   
* Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) sans les ouvrir   
* Lances--> Malwarebytes (MBAM)   
* Puis vas dans l'onglet "Recherche", coche >>Exécuter un examen complet   
* puis "Rechercher"   
* Sélectionnes tes disques durs" puis clique sur "Lancer l'examen"   
* A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport   
*Si MalwareBytes' détecte des infections, clique sur ==>Afficher les résultats, puis sur ==>Supprimer la sélection   
* S'il t' es demandé de redémarrer, clique sur "oui "   
* aprés la suppression(s) de ou des infections trouvées --> poste le rapport ici   
!!! Ne pas vider la quarantaine de MBAM sans avis !!!  

@+ 

Membre, Contributeur 

H.F.  :  Fish66

karlo1988 · Answer

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6463

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28/04/2011 14:46:03
mbam-log-2011-04-28 (14-46-03).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 146325
Temps écoulé: 5 minute(s), 47 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Utilisateur anonyme · Answer

Re,  

Temps écoulé: 5 minute(s), 47 seconde(s)   
  

Cette durée d'analyse est anormale, MBAM est il bloqué ?  

Est ce que tu as fait une analyse rapide ? 

Stp, refais une analyse complète, s'il se bloque fais unbe analyse rapide 

J'attend tes nouvelles

  

Membre, Contributeur  

H.F.  :  Fish66

Utilisateur anonyme · Answer

Re,

Avant fais passer Ad-remover pour faire le nettoyage!! comme indiqué ICI

karlo1988 · Answer

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6463

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28/04/2011 20:43:16
mbam-log-2011-04-28 (20-43-00).txt

Type d'examen: Examen complet (C:\|J:\|)
Elément(s) analysé(s): 280783
Temps écoulé: 4 heure(s), 1 minute(s), 9 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\Antares\Bureau\multimedia\logiciel\uusee_setup_2007.exe (PUP.Uusee) -> No action taken.
j:\Users\karlinho\AppData\Roaming\EoRezo\softwareupdate\softwareupdate.exe (Rogue.Eorezo) -> No action taken.
j:\Users\karlinho\AppData\Roaming\EoRezo\softwareupdate\softwareupdatehp.exe (Rogue.Eorezo) -> No action taken.
j:\program files\EoRezo\EoEngine.exe (Rogue.Eorezo) -> No action taken.
j:\program files\EoRezo\EoAdv\EoAdv.dll (Rogue.Eorezo) -> No act

Utilisateur anonyme · Answer

Re,

Pourquoi tu n'as pas supprimer les infections?

On va revenir à Malwarebytes.

STP fais ceci :

/!\ Ferme toutes applications en cours /!\

- Double-clique sur l'icône Ad-remover située sur ton Bureau.
- Sur la page, clique sur le bouton « Nettoyer »
- Confirme lancement du scan
- Laisse travailler l'outil.
- Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour c

karlo1988 · Answer

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [4]) -> Lancé à 17:06:34 le 29/04/2011, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86) 
Antares@DAMAT-3A7C003D9 ( ) 
 
============== ACTION(S) ==============



(!) -- Fichiers temporaires supprimés.




============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.16 (fr)] ****

HKLM_MozillaPlugins\@pages.tvunetworks.com/WebPlayer (x)
HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
Searchplugins\fcmdSrchppcb.xml (hxxp://start.facemoods.com/?a=ppcb&f=4&q={searchTerms}/)
Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} (G Data Filtre Internet)

-- C:\Documents and Settings\Antares\Application Data\Mozilla\FireFox\Profiles\i4ka76pl.default --

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France	bSoft.dll)
HKCU_URLSearchHooks|{EEE6C35D-6118-11DC-9C72-001320C79847} - "SweetIM ToolbarURLSearchHook Class" (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll)
HKCU_URLSearchHooks|{a3d9f146-03da-4695-878c-81ef970f2f96} - "SearchingBar Toolbar" (C:\Program Files\SearchingBar\prxtbSear.dll)
HKCU_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "Search" (hxxp://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4)
HKCU_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKLM_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "?" (hxxp://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4&hl={language}&src=chrm)
HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKCU_Toolbar\WebBrowser|{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} (C:\Program Files\Softonic_France	bSoft.dll)
HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKCU_Toolbar\WebBrowser|{A3D9F146-03DA-4695-878C-81EF970F2F96} (C:\Program Files\SearchingBar\prxtbSear.dll)
HKLM_Toolbar|{4daac69c-cba7-45e2-9bc8-1044483d3352} (C:\Program Files\Softonic_France	bSoft.dll)
HKLM_Toolbar|{98889811-442D-49dd-99D7-DC866BE87DBC} (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll)
HKLM_Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKLM_Toolbar|{a3d9f146-03da-4695-878c-81ef970f2f96} (C:\Program Files\SearchingBar\prxtbSear.dll)
HKLM_Toolbar|{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} (C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll) (x)
HKLM_Toolbar|{0124123D-61B4-456f-AF86-78C53A0790C5} (C:\Program Files\G Data\AntiVirus\WebFilter\AvkWebIE.dll)
HKLM_ElevationPolicy\${ELV_GUID} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe (Babylon Ltd.)
HKLM_ElevationPolicy\{7CA58D56-0AB4-43E1-AF96-467F5ED4F7A8} - C:\Program Files\SearchingBar\SearchingBarToolbarHelper.exe (?)
HKLM_ElevationPolicy\{980AC032-D573-46BF-BF07-60979B7786DD} - C:\Documents and Settings\Antares\Local Settings\Application Data\Conduit\CT2899468\SearchingBarAutoUpdateHelper.exe (x)
HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (SweetIM Technologies Ltd.)
HKLM_ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (x)
HKLM_Extensions\{90EAE591-7E7E-434a-8E28-ECFD00071806} - "PokerStars.fr" (C:\Program Files\PokerStars.FR\main.ico)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)
BHO\{2EECD738-5844-4a99-B4B6-146BF802613B} - "CescrtHlpr Object" (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll)
BHO\{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France	bSoft.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{64182481-4F71-486b-A045-B233BD0DA8FC} - "CescrtHlpr Object" (C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll) (x)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll)
BHO\{a3d9f146-03da-4695-878c-81ef970f2f96} - "SearchingBar Toolbar" (C:\Program Files\SearchingBar\prxtbSear.dll)
BHO\{EEE6C35C-6118-11DC-9C72-001320C79847} - "SweetIM Toolbar Helper" (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 1 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 44 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 20/04/2011 22:02:37 (10420 Octet(s)) 
C:\Ad-Report-CLEAN[2].txt - 20/04/2011 22:13:28 (6250 Octet(s)) 
C:\Ad-Report-CLEAN[3].txt - 20/04/2011 22:23:17 (6250 Octet(s)) 
C:\Ad-Report-CLEAN[4].txt - 29/04/2011 17:07:58 (4208 Octet(s)) 
C:\Ad-Report-SCAN[3].txt - 28/04/2011 14:12:24 (10851 Octet(s)) 

Fin à: 17:08:56, 29/04/2011 
 
============== E.O.F ==============

Utilisateur anonyme · Answer

Re,

1/
Comme je t'ai dit ton PC est réinfecté par des adwares, si tu as remarqué après avoir passé AD-Remover option recherche il y'a existence de nouveau des adwares, donc il faut les supprimer de nouveau!

Donc stp fais CECI

2/ Relance Malwarebytes et à la fin de l'analyse clique sur Afficher le résultat 
puis sur supprimer la sélection


3/
N'ai pas peur des HKLM, tous va bien s'arranger!

@+

karlo1988 · Answer

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [5]) -> Lancé à 22:42:52 le 29/04/2011, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86) 
Antares@DAMAT-3A7C003D9 ( ) 
 
============== ACTION(S) ==============



(!) -- Fichiers temporaires supprimés.


Clé supprimée: HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Clé supprimée: HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.16 (fr)] ****

HKLM_MozillaPlugins\@pages.tvunetworks.com/WebPlayer (x)
HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
Searchplugins\fcmdSrchppcb.xml (hxxp://start.facemoods.com/?a=ppcb&f=4&q={searchTerms}/)
Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} (G Data Filtre Internet)

-- C:\Documents and Settings\Antares\Application Data\Mozilla\FireFox\Profiles\i4ka76pl.default --

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France	bSoft.dll)
HKCU_URLSearchHooks|{EEE6C35D-6118-11DC-9C72-001320C79847} - "SweetIM ToolbarURLSearchHook Class" (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll)
HKCU_URLSearchHooks|{a3d9f146-03da-4695-878c-81ef970f2f96} - "SearchingBar Toolbar" (C:\Program Files\SearchingBar\prxtbSear.dll)
HKCU_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "Search" (hxxp://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4)
HKCU_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKLM_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "?" (hxxp://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4&hl={language}&src=chrm)
HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKCU_Toolbar\WebBrowser|{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} (C:\Program Files\Softonic_France	bSoft.dll)
HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKCU_Toolbar\WebBrowser|{A3D9F146-03DA-4695-878C-81EF970F2F96} (C:\Program Files\SearchingBar\prxtbSear.dll)
HKLM_Toolbar|{4daac69c-cba7-45e2-9bc8-1044483d3352} (C:\Program Files\Softonic_France	bSoft.dll)
HKLM_Toolbar|{98889811-442D-49dd-99D7-DC866BE87DBC} (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll)
HKLM_Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKLM_Toolbar|{a3d9f146-03da-4695-878c-81ef970f2f96} (C:\Program Files\SearchingBar\prxtbSear.dll)
HKLM_Toolbar|{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} (C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll) (x)
HKLM_Toolbar|{0124123D-61B4-456f-AF86-78C53A0790C5} (C:\Program Files\G Data\AntiVirus\WebFilter\AvkWebIE.dll)
HKLM_ElevationPolicy\${ELV_GUID} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe (Babylon Ltd.)
HKLM_ElevationPolicy\{7CA58D56-0AB4-43E1-AF96-467F5ED4F7A8} - C:\Program Files\SearchingBar\SearchingBarToolbarHelper.exe (?)
HKLM_ElevationPolicy\{980AC032-D573-46BF-BF07-60979B7786DD} - C:\Documents and Settings\Antares\Local Settings\Application Data\Conduit\CT2899468\SearchingBarAutoUpdateHelper.exe (x)
HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (SweetIM Technologies Ltd.)
HKLM_ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (x)
HKLM_Extensions\{90EAE591-7E7E-434a-8E28-ECFD00071806} - "PokerStars.fr" (C:\Program Files\PokerStars.FR\main.ico)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)
BHO\{2EECD738-5844-4a99-B4B6-146BF802613B} - "CescrtHlpr Object" (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll)
BHO\{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France	bSoft.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{64182481-4F71-486b-A045-B233BD0DA8FC} - "CescrtHlpr Object" (C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll) (x)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll)
BHO\{a3d9f146-03da-4695-878c-81ef970f2f96} - "SearchingBar Toolbar" (C:\Program Files\SearchingBar\prxtbSear.dll)
BHO\{EEE6C35C-6118-11DC-9C72-001320C79847} - "SweetIM Toolbar Helper" (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 1 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 45 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 20/04/2011 22:02:37 (10420 Octet(s)) 
C:\Ad-Report-CLEAN[2].txt - 20/04/2011 22:13:28 (6250 Octet(s)) 
C:\Ad-Report-CLEAN[3].txt - 20/04/2011 22:23:17 (6250 Octet(s)) 
C:\Ad-Report-CLEAN[4].txt - 29/04/2011 17:07:58 (6142 Octet(s)) 



le premier rapport AD
C:\Ad-Report-CLEAN[5].txt - 29/04/2011 22:43:04 (4541 Octet(s)) 
C:\Ad-Report-SCAN[3].txt - 28/04/2011 14:12:24 (10851 Octet(s)) 

Fin à: 22:43:38, 29/04/2011 
 
============== E.O.F ==============

karlo1988 · Answer

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6463

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30/04/2011 00:12:59
mbam-log-2011-04-30 (00-12-59).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 186045
Temps écoulé: 1 heure(s), 9 minute(s), 47 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\Antares\Bureau\multimedia\logiciel\uusee_setup_2007.exe (PUP.Uusee) -> Quarantined and deleted successfully.

Utilisateur anonyme · Answer

Bonjour, 

Mais on a pas terminé la désinfection! 

salut j'ai comme limpression que les message ne s'affiche plus ......

Est ce que tu peux expliquer un peu ?

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* 
Membre, Contributeur 

H.F.  :  Fish66 
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

Utilisateur anonyme · Answer

Re,

Il y'a risque que ton PC soit infecté !

karlo1988 · Answer

RogueKiller V5.1.1 [05/05/2011] par Tigzy
contact sur http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: Antares [Droits d'admin]
Mode: Raccourcis RAZ -- Date : 07/05/2011 12:01:28

Processus malicieux: 0

Attributs de fichiers restaures:
Bureau: Success 0 / Fail 0
Lancement rapide: Success 0 / Fail 0
Programmes: Success 0 / Fail 0
Menu demarrer: Success 0 / Fail 0
Dossier utilisateur: Success 15 / Fail 0
Mes documents: Success 0 / Fail 0
Mes favoris: Success 0 / Fail 0
Mes images: Success 0 / Fail 0
Ma musique: Success 0 / Fail 0
Mes videos: Success 0 / Fail 0
Disques locaux: Success 18 / Fail 5

Termine : << RKreport[1].txt >>
RKreport[1].txt

Utilisateur anonyme · Answer

Salut,

Si tu veux continuer la désinfection, prépare un nouveau rapport ZHPDiag comme avant

@+

Virus detecte mais pas supprimer - Page 2

Discussions similaires

Newsletters