Posted

1/

Look for and remove the following in Add or Remove Programs:

eoRezo

Ask Toolbar

2/

Download Ad-remover: http://sd-1.archive-host.com/membres/up/16...759868/AD-R.exe

VISTA: install and launch it by right-clicking and choosing "Run as administrator"

• Install Ad-remover,

• Launch Ad-remover from the icon on the desktop,

• In the main menu, choose option "A" for a scan,

post the report produced ( C:\Ad-report.log ).

• Launch "Ad-remover" again,

• Choose option "B".

• Select >> Suppression Eorezo [ ]

• Enter "S" (Supprimer les éléments cochés, i.e. delete the checked items)

► Display the report that is generated (C:\Ad-report-date.log )

/!\ If the desktop does not reappear, press <Ctrl> <Alt> <Del>,

/!\ "File" tab --> "New Task",

/!\ Enter explorer.exe and confirm

3/

  • Download OTM (by Old_Timer) to your desktop,
  • Double-click OTM.exe to start the program,
  • Copy the list of files or folders below and paste it into the program's "Paste Instructions for Items to be Moved" window:

nettoyage

:files

C:\Program Files\eoRezo

C:\Program Files\Ask.com

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

:reg

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]

:commands

[emptytemp]

[reboot]

[start explorer]

  • Click MoveIt! to start the removal,
  • The result will appear in the Results pane.
  • Click Exit to close the program.
  • Post the report, which is located here: C:\_OTM\MovedFiles
  • You may be asked to restart your PC. If so, click Yes.

4/

Follow this tutorial and post the report you get

http://forum.pcastuces.com/malwarebytes_an...pide-f31s27.htm

Good luck :P

Posted

Hello

Thank you for your help; here are the three reports requested:

1) AD-remover report ( C:\Ad-report.log )

.

======= RAPPORT D'AD-REMOVER 1.1.4.6_A | UNIQUEMENT XP/VISTA/7 =======

.

Mit à jour par C_XX le 18.10.2009 à 19:05

Contact: AdRemover.contact@gmail.com

Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Lancé à: 7:29:20, 31/10/2009 | Mode Normal | Option: SCAN

Exécuté de: C:\Program Files\Ad-Remover\

Système d'exploitation: Microsoft® Windows XP Service Pack 3 v5.1.2600

Nom du PC: 115286660319 | Utilisateur actuel: autant

.

============== ÉLÉMENT(S) TROUVÉ(S) ==============

.

 

HKCU\Software\EoRezo

HKCU\Software\Grand Virtual

HKCU\Software\ItsLabel

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

HKCU\Software\SweetIM

HKLM\Software\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}

HKLM\Software\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}

HKLM\Software\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}

HKLM\Software\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}

HKLM\Software\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}

HKLM\Software\Classes\EoRezoBHO.EoBho

HKLM\Software\Classes\EoRezoBHO.EoBho.1

HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}

HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}

HKLM\Software\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

HKLM\Software\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

HKLM\Software\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}

HKLM\Software\Classes\MediaPlayer.GraphicsUtils

HKLM\Software\Classes\MediaPlayer.GraphicsUtils.1

HKLM\Software\Classes\MgMediaPlayer.GifAnimator

HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1

HKLM\Software\Classes\SWEETIE.IEToolbar

HKLM\Software\Classes\SWEETIE.IEToolbar.1

HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook

HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1

HKLM\Software\Classes\Toolbar3.SWEETIE

HKLM\Software\Classes\Toolbar3.SWEETIE.1

HKLM\Software\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}

HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}

HKLM\Software\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}

HKLM\Software\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}

HKLM\Software\EoRezo

HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}

HKLM\Software\SweetIM

HKU\S-1-5-21-1507070965-1200752636-3177755668-1007\Software\Eorezo

HKU\S-1-5-21-1507070965-1200752636-3177755668-1007\Software\ItsLabel

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}

HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

HKCU\software\microsoft\internet explorer\searchscopes\{EEE6C360-6118-11DC-9C72-001320C79847}

HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}

HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}


.

D:\DOCUME~1\AUTANT~1.115\APPLIC~1\EoRezo

D:\DOCUME~1\AUTANT~1.115\APPLIC~1\ItsLabel

D:\DOCUME~1\AUTANT~1.115\APPLIC~1\Mozilla\Firefox\Profiles\65cx60vd.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

D:\DOCUME~1\AUTANT~1.115\APPLIC~1\Mozilla\Firefox\Profiles\65cx60vd.default\searchplugins\askcom.xml

D:\DOCUME~1\AUTANT~1.115\APPLIC~1\Mozilla\Firefox\Profiles\65cx60vd.default\searchplugins\sweetim.xml

D:\DOCUME~1\AUTANT~1.115\APPLIC~1\Mozilla\Firefox\Profiles\65cx60vd.default\SweetIMToolbarData

D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM

C:\Program Files\Everest Poker

C:\Program Files\SweetIM

D:\DOCUME~1\AUTANT~1.115\LOCALS~1\Temp\AskSearch

C:\Windows\Installer\11d7c2.msi

C:\Windows\Installer\11d7c8.msi

.

============== Scan additionnel ==============

.

.

* Mozilla FireFox Version 3.0.15 [fr] *

.

Nom du profil: 65cx60vd.default (autant)

.

(Prefs.js) user_pref("browser.search.defaultenginename", "Live Search");

(Prefs.js) user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Search");

(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search");

(Prefs.js) user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "MyStart Search");

(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=");

(Prefs.js) user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2095689&SearchSource=3&q={searchTerms}");

(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/");

(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.15");

(Prefs.js) user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://mystart.incredimail.com/");

.

(prefs.js) TROUVÉ: user_pref("browser.search.defaultengine", "Ask.com");

(prefs.js) TROUVÉ: user_pref("browser.search.order.1", "Ask.com");

(prefs.js) TROUVÉ: user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");

(prefs.js) TROUVÉ: user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");

(prefs.js) TROUVÉ: user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");

(prefs.js) TROUVÉ: user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");

(prefs.js) TROUVÉ: user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");

(prefs.js) TROUVÉ: user_pref("sweetim.toolbar.mode.debug", "false");

(prefs.js) TROUVÉ: user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Search");

(prefs.js) TROUVÉ: user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2095689&SearchSource=3&q={searchTerms}");

(prefs.js) TROUVÉ: user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "MyStart Search");

(prefs.js) TROUVÉ: user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://mystart.incredimail.com/");

(prefs.js) TROUVÉ: user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=");

(prefs.js) TROUVÉ: user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");

(prefs.js) TROUVÉ: user_pref("sweetim.toolbar.search.history.capacity", "10");

(prefs.js) TROUVÉ: user_pref("sweetim.toolbar.simapp_id", "{DF6E513F-B452-4B5D-BC8B-CF27C707B5A4}");

(prefs.js) TROUVÉ: user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");

(prefs.js) TROUVÉ: user_pref("sweetim.toolbar.version", "1.0.0.8");

.

* Internet Explorer Version 8.0.6001.18702 *

.

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

.

Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Search Page: hxxp://search.live.com

Search Bar: hxxp://search.live.com/sphome.aspx

Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp

Start Page Redirect Cache_TIMESTAMP: NARY 9c0a164b221eca01

Start Page Redirect Cache AcceptLangs: fr

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

.

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157

Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Start Page: hxxp://fr.msn.com/

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

.

===================================

.

15407 Octet(s) - C:\Ad-Report-SCAN[1].log

.

4853 Fichier(s) - D:\DOCUME~1\AUTANT~1.115\LOCALS~1\Temp

155 Fichier(s) - C:\WINDOWS\Temp

.

0 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP

0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE

.

Fin à: 8:00:24 | 31/10/2009 - SCAN[1]

.

============== E.O.F ==============

.

 

 

2) AD-remover report (C:\Ad-report-date.log )

.

======= RAPPORT D'AD-REMOVER 1.1.4.6_A | UNIQUEMENT XP/VISTA/7 =======

.

Mit à jour par C_XX le 18.10.2009 à 19:05

Contact: AdRemover.contact@gmail.com

Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Lancé à: 8:24:15, 31/10/2009 | Mode Normal | Option: CLEAN

Exécuté de: C:\Program Files\Ad-Remover\

Système d'exploitation: Microsoft® Windows XP Service Pack 3 v5.1.2600

Nom du PC: 115286660319 | Utilisateur actuel: autant

.

============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============

.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

HKCU\Software\SweetIM

HKLM\Software\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}

HKLM\Software\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}

HKLM\Software\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}

HKLM\Software\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}

HKLM\Software\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}

HKLM\Software\Classes\EoRezoBHO.EoBho

HKLM\Software\Classes\EoRezoBHO.EoBho.1

HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}

HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}

HKLM\Software\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

HKLM\Software\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

HKLM\Software\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}

HKLM\Software\Classes\MediaPlayer.GraphicsUtils

HKLM\Software\Classes\MediaPlayer.GraphicsUtils.1

HKLM\Software\Classes\MgMediaPlayer.GifAnimator

HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1

HKLM\Software\Classes\SWEETIE.IEToolbar

HKLM\Software\Classes\SWEETIE.IEToolbar.1

HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook

HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1

HKLM\Software\Classes\Toolbar3.SWEETIE

HKLM\Software\Classes\Toolbar3.SWEETIE.1

HKLM\Software\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}

HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}

HKLM\Software\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}

HKLM\Software\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}

HKLM\Software\EoRezo

HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}

HKLM\Software\SweetIM

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}

HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

HKCU\software\microsoft\internet explorer\searchscopes\{EEE6C360-6118-11DC-9C72-001320C79847}

HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}


.

D:\DOCUME~1\AUTANT~1.115\APPLIC~1\EoRezo

D:\DOCUME~1\AUTANT~1.115\APPLIC~1\ItsLabel

D:\DOCUME~1\AUTANT~1.115\APPLIC~1\Mozilla\Firefox\Profiles\65cx60vd.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

D:\DOCUME~1\AUTANT~1.115\APPLIC~1\Mozilla\Firefox\Profiles\65cx60vd.default\searchplugins\askcom.xml

D:\DOCUME~1\AUTANT~1.115\APPLIC~1\Mozilla\Firefox\Profiles\65cx60vd.default\searchplugins\sweetim.xml

D:\DOCUME~1\AUTANT~1.115\APPLIC~1\Mozilla\Firefox\Profiles\65cx60vd.default\SweetIMToolbarData

D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM

C:\Program Files\Everest Poker

C:\Program Files\SweetIM ... ERREUR SUPPRESSION !!

D:\DOCUME~1\AUTANT~1.115\LOCALS~1\Temp\AskSearch

C:\Windows\Installer\11d7c2.msi

C:\Windows\Installer\11d7c8.msi

 

(!) -- Fichiers temporaires supprimés.

 

.

============== Scan additionnel ==============

.

.

* Mozilla FireFox Version 3.0.15 [fr] *

.

Nom du profil: 65cx60vd.default (autant)

.

(Prefs.js) user_pref("browser.search.defaultenginename", "Live Search");

(Prefs.js) user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Search");

(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search");

(Prefs.js) user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "MyStart Search");

(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=");

(Prefs.js) user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2095689&SearchSource=3&q={searchTerms}");

(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/");

(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.15");

(Prefs.js) user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://mystart.incredimail.com/");

.

(prefs.js) EFFACÉ: user_pref("browser.search.defaultengine", "Ask.com");

(prefs.js) EFFACÉ: user_pref("browser.search.order.1", "Ask.com");

(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");

(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");

(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");

(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");

(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");

(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.mode.debug", "false");

(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Search");

(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2095689&SearchSource=3&q={searchTerms}");

(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "MyStart Search");

(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://mystart.incredimail.com/");

(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=");

(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");

(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.search.history.capacity", "10");

(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.simapp_id", "{DF6E513F-B452-4B5D-BC8B-CF27C707B5A4}");

(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");

(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.version", "1.0.0.8");

.

* Internet Explorer Version 8.0.6001.18702 *

.

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

.

Start Page: hxxp://fr.msn.com/

Search Page: hxxp://search.live.com

Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp

Start Page Redirect Cache_TIMESTAMP: NARY 9c0a164b221eca01

Start Page Redirect Cache AcceptLangs: fr

Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

Search bar: hxxp://search.msn.com/spbasic.htm

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

.

===================================

.

599 Octet(s) - C:\Ad-Report-CLEAN[1].log

15333 Octet(s) - C:\Ad-Report-CLEAN[2].log

15744 Octet(s) - C:\Ad-Report-SCAN[1].log

.

1863 Fichier(s) - D:\DOCUME~1\AUTANT~1.115\LOCALS~1\Temp

37 Fichier(s) - C:\WINDOWS\Temp

.

19 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP

650 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE

.

Fin à: 8:58:38 | 31/10/2009 - CLEAN[2]

.

============== E.O.F ==============

.

 

3) OTM report

All processes killed

Error: Unable to interpret <nettoyage> in the current context!

========== FILES ==========

File/Folder C:\Program Files\eoRezo not found.

File/Folder C:\Program Files\Ask.com not found.

File/Folder C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job not found.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}\ not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: autant.115286660319

->Temp folder emptied: 610119524 bytes

->Temporary Internet Files folder emptied: 15792970 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 55201678 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: LocalService

->Temp folder emptied: 115616 bytes

->Temporary Internet Files folder emptied: 35761 bytes

 

User: LocalService.AUTORITE NT

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService.AUTORITE NT.000

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 3029405 bytes

 

User: LocalService.AUTORITE NT.001

->Temp folder emptied: 0 bytes

File delete failed. D:\Documents and Settings\LocalService.AUTORITE NT.001\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Mon PC

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService.AUTORITE NT

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService.AUTORITE NT.000

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 363658 bytes

 

User: NetworkService.AUTORITE NT.001

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService.AUTORITE NT.002

->Temp folder emptied: 0 bytes

File delete failed. D:\Documents and Settings\NetworkService.AUTORITE NT.002\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

C:\WINDOWS\msdownld.tmp folder deleted successfully.

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 3072 bytes

Windows Temp folder emptied: 3433882 bytes

RecycleBin emptied: 599 bytes

 

Total Files Cleaned = 656,46 mb

 

 

OTM by OldTimer - Version 3.0.0.6 log created on 10312009_091034

 

Files moved on Reboot...

 

Registry entries deleted on Reboot...

 

4) Malwarebytes report (first step)

Malwarebytes' Anti-Malware 1.41

Version de la base de données: 3063

Windows 5.1.2600 Service Pack 3

 

31/10/2009 09:44:10

mbam-log-2009-10-31 (09-44-01).txt

 

Type de recherche: Examen rapide

Eléments examinés: 140397

Temps écoulé: 8 minute(s), 44 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 3

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

 

 

Thanks, see you later

Posted

Hello

The Panda scan (in English) found me infected and offered me a paid plan.

I couldn't find the report: what is it called? What is its path?

 

Thanks, see you later

Posted

Sorry, I must not have looked properly

 

Here is the Panda report

 

See you later

 

ANALYSIS: 2009-11-02 07:24:29

PROTECTIONS: 2

MALWARE: 19

SUSPECTS: 2

;*******************************************************************************

*********************************************************************************

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

=================================================================================

===================

Antivirus BitDefender 12.0 Yes No

Kaspersky Anti-Virus 8.0.0.506 Yes Yes

;===============================================================================

=================================================================================

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

=================================================================================

===================

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No d:\documents and settings\mon pc\cookies\mon_pc@doubleclick[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No d:\documents and settings\mon pc\cookies\mon pc@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No d:\documents and settings\autant.115286660319\cookies\autant@atdmt[3].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No d:\documents and settings\autant.115286660319\cookies\autant@atdmt[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No d:\documents and settings\mon pc\application data\mozilla\firefox\profiles\6qoud194.default\cookies.txt[.atdmt.com/]

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No d:\documents and settings\mon pc\cookies\mon_pc@tradedoubler[2].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No d:\documents and settings\mon pc\application data\mozilla\firefox\profiles\6qoud194.default\cookies.txt[.247realmedia.com/]

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No d:\documents and settings\mon pc\application data\mozilla\firefox\profiles\6qoud194.default\cookies.txt[.247realmedia.com/]

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No d:\documents and settings\mon pc\cookies\mon pc@247realmedia[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No d:\documents and settings\mon pc\cookies\mon_pc@tribalfusion[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No d:\documents and settings\mon pc\cookies\mon pc@mediaplex[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No d:\documents and settings\mon pc\application data\mozilla\firefox\profiles\6qoud194.default\cookies.txt[.mediaplex.com/]

00167642 Cookie/Com.com TrackingCookie No 0 Yes No d:\documents and settings\mon pc\application data\mozilla\firefox\profiles\6qoud194.default\cookies.txt[.com.com/]

00167642 Cookie/Com.com TrackingCookie No 0 Yes No d:\documents and settings\mon pc\cookies\mon pc@com[1].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No d:\documents and settings\mon pc\application data\mozilla\firefox\profiles\6qoud194.default\cookies.txt[.xiti.com/]

00167704 Cookie/Xiti TrackingCookie No 0 Yes No d:\documents and settings\mon pc\cookies\mon pc@xiti[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No d:\documents and settings\mon pc\cookies\mon_pc@ad.yieldmanager[2].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No d:\documents and settings\mon pc\cookies\mon_pc@apmebf[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No d:\documents and settings\autant.115286660319\cookies\autant@serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No d:\documents and settings\autant.115286660319\cookies\autant@bs.serving-sys[2].txt

00168106 Cookie/Weborama TrackingCookie No 0 Yes No d:\documents and settings\mon pc\cookies\mon_pc@weborama[2].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No d:\documents and settings\mon pc\cookies\mon pc@adtech[2].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No d:\documents and settings\mon pc\application data\mozilla\firefox\profiles\6qoud194.default\cookies.txt[.adtech.de/]

00168109 Cookie/Adtech TrackingCookie No 0 Yes No d:\documents and settings\mon pc\application data\mozilla\firefox\profiles\6qoud194.default\cookies.txt[.adtech.de/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No d:\documents and settings\mon pc\application data\mozilla\firefox\profiles\6qoud194.default\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No d:\documents and settings\mon pc\application data\mozilla\firefox\profiles\6qoud194.default\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No d:\documents and settings\mon pc\cookies\mon pc@advertising[1].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No d:\documents and settings\mon pc\cookies\mon_pc@zedo[1].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No d:\documents and settings\mon pc\cookies\mon_pc@bluestreak[2].txt

00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No d:\documents and settings\autant.115286660319\cookies\autant@smartadserver[1].txt

03509749 Generic Trojan Virus/Trojan No 0 No No d:\documents and settings\autant.115286660319\mes documents\ma musique\bibliotheque musique\derniers telechargements\model dany brillant porto ricol.rar[patch\patch.exe]

03509749 Generic Trojan Virus/Trojan No 0 No No d:\documents and settings\autant.115286660319\mes documents\ma musique\bibliotheque musique\derniers telechargements\model dany brillant porto ricol.rar[install.exe][install.exe][install.exe]

03509749 Generic Trojan Virus/Trojan No 0 No No d:\documents and settings\autant.115286660319\mes documents\ma musique\bibliotheque musique\derniers telechargements\full version dany brillant porto ricol.zip[setup32.exe][setup32.exe][install.exe]

;===============================================================================

=================================================================================

===================

SUSPECTS

Sent Location

;===============================================================================

=================================================================================

===================

No d:\documents and settings\autant.115286660319\bureau\nettoyage\toolbarsd.exe

No d:\documents and settings\autant.115286660319\bureau\nettoyage\usbfix\usbfix.exe

;===============================================================================

=================================================================================

===================

VULNERABILITIES

Id Severity Description

;===============================================================================

=================================================================================

===================

;===============================================================================

=================================================================================

===================

 


Posted

Find and delete

d:\documents and settings\autant.115286660319\mes documents\ma musique\bibliotheque musique\derniers telechargements\model dany brillant porto ricol.rar[patch\patch.exe]

d:\documents and settings\autant.115286660319\mes documents\ma musique\bibliotheque musique\derniers telechargements\model dany brillant porto ricol.rar[install.exe][install.exe][install.exe]

d:\documents and settings\autant.115286660319\mes documents\ma musique\bibliotheque musique\derniers telechargements\full version dany brillant porto ricol.zip[setup32.exe][setup32.exe][install.exe]

since they are infected

Posted

Done, I deleted the files:

 

d:\documents and settings\autant.115286660319\mes documents\ma musique\bibliotheque musique\derniers telechargements\model dany brillant porto ricol.rar

 

and

 

d:\documents and settings\autant.115286660319\mes documents\ma musique\bibliotheque musique\derniers telechargements\full version dany brillant porto ricol.zip

 

Those are the only two I found.

 

Thanks for your help

 

See you later
