Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Des dossiers qui se transforment en exe

apt

Par apt
dans Analyses et éradication malwares

 Partager

Messages recommandés

apt Mega Power Member

apt

Posté(e)
Posté(e) (modifié)

Bonjour à tous,

 

Probléme de dossiers qui se transforment en exe.

 

Rapport Scan de AD-R :

 

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

 

Mis à jour par TeamXscript le 08/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

Site web: TeamXscript : AD-Remover - FindyKill - UsbFix - SEAF

 

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 13:46:40 le 11/04/2011, Mode normal

 

Service Pack 2 (X86)

Administrateur@AT-72E854A4EACC ( )

 

============== RECHERCHE ==============

 

 

Fichier trouvé: C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js

Fichier trouvé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\68fd25xy.default\searchplugins\askcom.xml

Dossier trouvé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\68fd25xy.default\conduit

Dossier trouvé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\68fd25xy.default\ConduitEngine

Dossier trouvé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\68fd25xy.default\extensions\engine@conduit.com

Fichier trouvé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\68fd25xy.default\searchplugins\conduit.xml

Dossier trouvé: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit

Dossier trouvé: C:\Documents and Settings\Administrateur\Application Data\PriceGong

 

-- Fichier ouvert: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\68fd25xy.default\Prefs.js --

Ligne trouvée: user_pref("CT2102473.SearchEngine", "Recherche||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_...

Ligne trouvée: user_pref("CT2102473.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT210...

Ligne trouvée: user_pref("CT2542115.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT254...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=909619&fid=905414", "\"0\""...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=935078&fid=930862", "\"0\""...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DZ", "\"0\"")...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/935078/930862/DZ", "\"0\"")...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2102473", ...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2542115", ...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63425009534667...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2102473&octid=...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2542115&octid=...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize....

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/Newtab/Softonic/CT1351374.xml", "\"0331f...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=fr", "\"634...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=fr-fr", "\"...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16409683.xml", "\"ba36ab39030421ce719...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16727535.xml", "\"10e20590d4d0dbfe3f8...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/18863815.xml", "\"9d3c372ac50c934b013...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/19058681.xml", "\"92613eb3c53cb14c284...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/19248106.xml", "\"f0e56750dcf134451a1...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/19554706.xml", "\"042a6998b2085a842dc...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/428333.xml", "\"f95e20b1817a6a2ed8d14...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/807095.xml", "\"61116ba70ea3a5ac2af56...

Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/813286.xml", "\"30bd35a3b17b9d7444d5d...

Ligne trouvée: user_pref("CommunityToolbar.EngineOwner", "CT2542115");

Ligne trouvée: user_pref("CommunityToolbar.EngineOwnerGuid", "{4daac69c-cba7-45e2-9bc8-1044483d3352}");

Ligne trouvée: user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic_france");

Ligne trouvée: user_pref("CommunityToolbar.IsEngineShown", true);

Ligne trouvée: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2542115");

Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{4daac69c-cba7-45e2-9bc8-1044483d3352}");

Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic_france");

Ligne trouvée: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr...

Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList", "CT2102473,ConduitEngine,CT2542115");

Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList2", "CT2102473,CT2542115");

Ligne trouvée: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 02 2011 17:40:37 GMT+02...

Ligne trouvée: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);

Ligne trouvée: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Apr 11 2011 10:14:58 GMT+0200");

Ligne trouvée: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Ligne trouvée: user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);

Ligne trouvée: user_pref("CommunityToolbar.alert.locale", "en");

Ligne trouvée: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Ligne trouvée: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Apr 11 2011 10:14:50 GMT+0200");

Ligne trouvée: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634");

Ligne trouvée: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Ligne trouvée: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Ligne trouvée: user_pref("CommunityToolbar.alert.showTrayIcon", false);

Ligne trouvée: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Ligne trouvée: user_pref("CommunityToolbar.alert.userId", "3e0e6098-8fba-4180-904f-3972fb7635a3");

Ligne trouvée: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Nov 14 2010 07:53:42 GMT+0100");

Ligne trouvée: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Ligne trouvée: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Ligne trouvée: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2542115");

Ligne trouvée: user_pref("CommunityToolbar.twitter.user_16409683.LastCheckTime", "Sun Nov 14 2010 10:54:09 GMT+0100...

Ligne trouvée: user_pref("CommunityToolbar.twitter.user_16727535.LastCheckTime", "Sun Nov 14 2010 10:54:09 GMT+0100...

Ligne trouvée: user_pref("CommunityToolbar.twitter.user_18863815.LastCheckTime", "Sun Nov 14 2010 10:54:09 GMT+0100...

Ligne trouvée: user_pref("CommunityToolbar.twitter.user_19058681.LastCheckTime", "Sun Nov 14 2010 10:54:09 GMT+0100...

Ligne trouvée: user_pref("CommunityToolbar.twitter.user_19248106.LastCheckTime", "Sun Nov 14 2010 10:54:09 GMT+0100...

Ligne trouvée: user_pref("CommunityToolbar.twitter.user_19554706.LastCheckTime", "Sun Nov 14 2010 10:54:09 GMT+0100...

Ligne trouvée: user_pref("CommunityToolbar.twitter.user_19757371.LastCheckTime", "Sun Nov 14 2010 10:54:09 GMT+0100...

Ligne trouvée: user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Sun Nov 14 2010 10:54:09 GMT+0100")...

Ligne trouvée: user_pref("CommunityToolbar.twitter.user_807095.LastCheckTime", "Sun Nov 14 2010 10:54:09 GMT+0100")...

Ligne trouvée: user_pref("CommunityToolbar.twitter.user_813286.LastCheckTime", "Sun Nov 14 2010 10:54:09 GMT+0100")...

Ligne trouvée: user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sat Apr 02 2011 17:40:42 GMT+0200");

Ligne trouvée: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Fri Apr 08 2011 16:54:00 GMT+0200");

Ligne trouvée: user_pref("ConduitEngine.FirstServerDate", "11/11/2010 17");

Ligne trouvée: user_pref("ConduitEngine.FirstTime", true);

Ligne trouvée: user_pref("ConduitEngine.FirstTimeFF3", true);

Ligne trouvée: user_pref("ConduitEngine.HasUserGlobalKeys", true);

Ligne trouvée: user_pref("ConduitEngine.Initialize", true);

Ligne trouvée: user_pref("ConduitEngine.InitializeCommonPrefs", true);

Ligne trouvée: user_pref("ConduitEngine.InstalledDate", "Thu Nov 11 2010 16:21:35 GMT+0100");

Ligne trouvée: user_pref("ConduitEngine.IsMulticommunity", false);

Ligne trouvée: user_pref("ConduitEngine.IsOpenThankYouPage", false);

Ligne trouvée: user_pref("ConduitEngine.IsOpenUninstallPage", true);

Ligne trouvée: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Apr 11 2011 10:26:08 GMT+0200");

Ligne trouvée: user_pref("ConduitEngine.LastLogin_3.2.1.3", "Sun Nov 14 2010 10:51:53 GMT+0100");

Ligne trouvée: user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sat Apr 02 2011 17:22:43 GMT+0200");

Ligne trouvée: user_pref("ConduitEngine.LastLogin_3.3.3.2", "Mon Apr 11 2011 13:25:15 GMT+0200");

Ligne trouvée: user_pref("ConduitEngine.PublisherContainerWidth", 0);

Ligne trouvée: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);

Ligne trouvée: user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Apr 11 2011 13:25:15 GMT+0200");

Ligne trouvée: user_pref("ConduitEngine.UserID", "UN10782578942277415");

Ligne trouvée: user_pref("ConduitEngine.engineLocale", "fr");

Ligne trouvée: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Apr 11 2011 10:26:14 GMT+0200");

Ligne trouvée: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Apr 11 2011 10:14:51 GMT+0200");

Ligne trouvée: user_pref("ConduitEngine.initDone", true);

Ligne trouvée: user_pref("ConduitEngine.isAppTrackingManagerOn", true);

Ligne trouvée: user_pref("ConduitEngine.usagesFlag", 1);

Ligne trouvée: user_pref("browser.search.defaultengine", "Ask.com");

Ligne trouvée: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2542115&Sea...

Ligne trouvée: user_pref("browser.search.order.1", "Ask.com");

-- Fichier Fermé --

 

 

Clé trouvée: HKLM\Software\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}

Clé trouvée: HKLM\Software\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}

Clé trouvée: HKLM\Software\Classes\BHO.IFlashGetNetscapeEx

Clé trouvée: HKLM\Software\Classes\BHO.IFlashGetNetscapeEx.1

Clé trouvée: HKLM\Software\Classes\Conduit.Engine

Clé trouvée: HKLM\Software\Classes\Toolbar.CT2102473

Clé trouvée: HKLM\Software\Classes\Toolbar.CT2465030

Clé trouvée: HKLM\Software\Classes\Toolbar.CT2542115

Clé trouvée: HKLM\Software\Conduit

Clé trouvée: HKCU\Software\Toolbar

Clé trouvée: HKCU\Software\PriceGong

Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

 

Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

============== SCAN ADDITIONNEL ==============

 

**** Mozilla Firefox Version [3.6.16 (fr)] ****

 

HKLM_MozillaPlugins\@movenetworks.com/Quantum Media Player (x)

HKCU_MozillaPlugins\@movenetworks.com/Quantum Media Player (x)

Components\AskHPRFF.js

Extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} (flashget3 Extension)

HKCU_Extensions|moveplayer@movenetworks.com - C:\Documents and Settings\Administrateur\Application Data\Move Networks

 

-- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\68fd25xy.default --

Extensions\en-GB@dictionaries.addons.mozilla.org (British English Dictionary)

Extensions\engine@conduit.com (Conduit Engine )

Extensions\firebug@software.joehewitt.com (Firebug)

Extensions\fontfinder@bendodson.com (Font Finder)

Extensions\pencil@evolus.vn (Pencil)

Extensions\{1c491116-c175-45e1-a570-6fb14fea8b7b} (PHPNukeFR Community Toolbar)

Extensions\{4daac69c-cba7-45e2-9bc8-1044483d3352} (Softonic_France Community Toolbar)

Extensions\{A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2} (?)

Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} (Web Developer)

Extensions\{c671b520-abe9-11d8-8ebc-000c6e787bf7} (InspectorWidget)

Searchplugins\askcom.xml (?)

Searchplugins\conduit.xml (hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2542115&SearchSource=3&q={searchTerms} /)

Prefs.js - browser.download.lastDir, D:\\AppServ\\www\\i3lanat\\0000

Prefs.js - browser.search.defaultenginename, Google

Prefs.js - browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2542115&SearchSource=3&q={searchTerms}

Prefs.js - browser.startup.homepage, hxxp://www.google.fr/

Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.16

Prefs.js - keyword.URL, hxxp://www.bing.com/search?mkt=fr-FR&form=MIAWB1&q=

 

========================================

 

**** Internet Explorer Version [8.0.6001.18702] ****

 

HKCU_Main|Search bar - hxxp://www.google.com/ie

HKCU_Main|Search Page - hxxp://www.google.com

HKCU_Main|Start Page - hxxp://www.google.fr/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157

HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157

HKCU_SearchScopes\{05CE69CA-A467-40B4-A6D0-D63850F144CC} - "Recherche sur Ebay" (hxxp://search.ebay.fr/search/search.dll?cgiurl=hxxp%3A%2F%2Fcgi.ebay.fr%2Fws%2F&...)

HKCU_SearchScopes\{0CACCF86-4D37-4DBE-9AAF-51C817A8A58C} - "Recherche sur Myspace" (hxxp://sads.myspace.com/Modules/Search/Pages/Search.aspx?fuseaction=advancedFind...)

HKCU_SearchScopes\{129F152A-0117-474E-80ED-DA48936E3976} - "Recherche sur Fnac.com" (hxxp://www3.fnac.com/search/quick.do?text={searchTerms}&category=-13&SID=e3e71fb...)

HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "Ask Search" (hxxp://websearch.ask.com/redirect?client=ie&tb=BT3&o=14979&src=crm&q={searchTerm...)

HKCU_SearchScopes\{48682094-7DFB-4581-9A68-A8414F1C4327} - "Recherche sur Linternaute" (hxxp://recherche.linternaute.com/cgi-bin/findall?KEYWORDS={searchTerms}&S=Linter...)

HKCU_SearchScopes\{5A171114-24D8-435B-8A2C-D28AC20D125C} - "Recherche sur Wikipedia" (hxxp://fr.wikipedia.org/wiki/Special:Search?search={searchTerms})

HKCU_SearchScopes\{770A317A-D33D-41E4-8BFD-22CCD72426A0} - "Recherche sur Facebook" (hxxp://www.facebook.com/s.php?src=os&q={searchTerms})

HKCU_SearchScopes\{7780F183-7385-4512-8AC8-F4E401767900} - "Recherche sur cnet.com" (hxxp://cnet.search.com/search?q={searchTerms})

HKCU_SearchScopes\{91821537-42FB-4108-AF1C-851E2C002716} - "Recherche sur Yahoo!" (hxxp://search.yahoo.fr/search?p={searchTerms}&ei=utf-8&fr=b2ie7)

HKCU_SearchScopes\{99155D35-BF19-45A0-A055-B51491CF7947} - "Recherche sur TousLesDrivers.com" (hxxp://www.touslesdrivers.com/index.php?v_page=25&v_mots={searchTerms})

HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "Softonic_France Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)

HKCU_SearchScopes\{B7059C95-CACB-4228-AC0E-64094F26A974} - "Recherche sur MTV.com" (hxxp://www.mtv.com/search/index.jhtml?searchterm={searchTerms}&searchtype=all)

HKCU_SearchScopes\{C275CF6F-22D6-4939-B6B4-91293CA904F9} - "Recherche sur Cdiscount" (hxxp://www.cdiscount.com/mag/search_global.asp?navid=10&search_sinequa={searchTe...)

HKCU_SearchScopes\{FA570E6D-BDB5-46EA-9425-63B9B469D4B2} - "Recherche sur Microsoft" (hxxp://search.microsoft.com/results.aspx?mkt=fr-FR&setlang=fr-FR&q={searchTerms})

HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (x)

HKCU_ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} - D:\Program Files\Internet Download Manager\IEMonitor.exe (x)

HKCU_ElevationPolicy\{2E422264-6D8A-4ca0-97C7-A2CF868471EA} - C:\Documents and Settings\Administrateur\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe (?)

HKCU_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - D:\Program Files\Internet Download Manager\IDMan.exe (x)

HKLM_ElevationPolicy\26cdc9d6-5e57-49fe-8075-6620fba472f4 - C:\Program Files\mipony-plugin\mipony-pluginToolbarHelper.exe (x)

HKLM_ElevationPolicy\40a76a6d-dd38-4ece-be33-acf9f1e6a430 - C:\Program Files\mipony-plugin\mipony-pluginToolbarHelper.exe (x)

HKLM_ElevationPolicy\{08E8D305-8D6D-49fe-8603-03A926E46AE0} - C:\Program Files\Fichiers communs\Adobe\Updater6\Adobe_Updater.exe (x)

HKLM_ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} - C:\Program Files\Java\jre6\bin\ssvagent.exe (x)

HKLM_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - d:\Program Files\Internet Download Manager\IDMan.exe (x)

HKLM_Extensions\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - "Statistiques d’Anti-Virus Internet" (C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll,102)

HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)

BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

BHO\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - "FlashGetBHO" (C:\Documents and Settings\Administrateur\Application Data\FlashGetBHO\FlashGetBHO3.dll)

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)

C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

 

C:\Ad-Report-SCAN[1].txt - 11/04/2011 13:46:46 (14012 Octet(s))

 

Fin à: 13:47:29, 11/04/2011

 

============== E.O.F ==============

 

Rapport de nettoyage de AD-R :

 

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

 

Mis à jour par TeamXscript le 08/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

Site web: TeamXscript : AD-Remover - FindyKill - UsbFix - SEAF

 

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 13:48:28 le 11/04/2011, Mode normal

 

Service Pack 2 (X86)

Administrateur@AT-72E854A4EACC ( )

 

============== ACTION(S) ==============

 

 

Fichier supprimé: C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js

Fichier supprimé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\68fd25xy.default\searchplugins\askcom.xml

Dossier supprimé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\68fd25xy.default\conduit

Dossier supprimé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\68fd25xy.default\ConduitEngine

Dossier supprimé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\68fd25xy.default\extensions\engine@conduit.com

Fichier supprimé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\68fd25xy.default\searchplugins\conduit.xml

Dossier supprimé: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit

Dossier supprimé: C:\Documents and Settings\Administrateur\Application Data\PriceGong

 

(!) -- Fichiers temporaires supprimés.

 

 

-- Fichier ouvert: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\68fd25xy.default\Prefs.js --

Ligne supprimée: user_pref("CT2102473.SearchEngine", "Recherche||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_...

Ligne supprimée: user_pref("CT2102473.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT210...

Ligne supprimée: user_pref("CT2542115.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT254...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=909619&fid=905414", "\"0\""...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=935078&fid=930862", "\"0\""...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DZ", "\"0\"")...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/935078/930862/DZ", "\"0\"")...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2102473", ...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2542115", ...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63425009534667...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2102473&octid=...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2542115&octid=...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize....

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/Newtab/Softonic/CT1351374.xml", "\"0331f...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=fr", "\"634...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=fr-fr", "\"...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16409683.xml", "\"ba36ab39030421ce719...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16727535.xml", "\"10e20590d4d0dbfe3f8...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/18863815.xml", "\"9d3c372ac50c934b013...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/19058681.xml", "\"92613eb3c53cb14c284...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/19248106.xml", "\"f0e56750dcf134451a1...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/19554706.xml", "\"042a6998b2085a842dc...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/428333.xml", "\"f95e20b1817a6a2ed8d14...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/807095.xml", "\"61116ba70ea3a5ac2af56...

Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/813286.xml", "\"30bd35a3b17b9d7444d5d...

Ligne supprimée: user_pref("CommunityToolbar.EngineOwner", "CT2542115");

Ligne supprimée: user_pref("CommunityToolbar.EngineOwnerGuid", "{4daac69c-cba7-45e2-9bc8-1044483d3352}");

Ligne supprimée: user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic_france");

Ligne supprimée: user_pref("CommunityToolbar.IsEngineShown", true);

Ligne supprimée: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2542115");

Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{4daac69c-cba7-45e2-9bc8-1044483d3352}");

Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic_france");

Ligne supprimée: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr...

Ligne supprimée: user_pref("CommunityToolbar.ToolbarsList", "CT2102473,ConduitEngine,CT2542115");

Ligne supprimée: user_pref("CommunityToolbar.ToolbarsList2", "CT2102473,CT2542115");

Ligne supprimée: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 02 2011 17:40:37 GMT+02...

Ligne supprimée: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);

Ligne supprimée: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Apr 11 2011 10:14:58 GMT+0200");

Ligne supprimée: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Ligne supprimée: user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);

Ligne supprimée: user_pref("CommunityToolbar.alert.locale", "en");

Ligne supprimée: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Ligne supprimée: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Apr 11 2011 10:14:50 GMT+0200");

Ligne supprimée: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634");

Ligne supprimée: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Ligne supprimée: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Ligne supprimée: user_pref("CommunityToolbar.alert.showTrayIcon", false);

Ligne supprimée: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Ligne supprimée: user_pref("CommunityToolbar.alert.userId", "3e0e6098-8fba-4180-904f-3972fb7635a3");

Ligne supprimée: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Nov 14 2010 07:53:42 GMT+0100");

Ligne supprimée: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Ligne supprimée: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Ligne supprimée: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2542115");

Ligne supprimée: user_pref("CommunityToolbar.twitter.user_16409683.LastCheckTime", "Sun Nov 14 2010 10:54:09 GMT+0100...

Ligne supprimée: user_pref("CommunityToolbar.twitter.user_16727535.LastCheckTime", "Sun Nov 14 2010 10:54:09 GMT+0100...

Ligne supprimée: user_pref("CommunityToolbar.twitter.user_18863815.LastCheckTime", "Sun Nov 14 2010 10:54:09 GMT+0100...

Ligne supprimée: user_pref("CommunityToolbar.twitter.user_19058681.LastCheckTime", "Sun Nov 14 2010 10:54:09 GMT+0100...

Ligne supprimée: user_pref("CommunityToolbar.twitter.user_19248106.LastCheckTime", "Sun Nov 14 2010 10:54:09 GMT+0100...

Ligne supprimée: user_pref("CommunityToolbar.twitter.user_19554706.LastCheckTime", "Sun Nov 14 2010 10:54:09 GMT+0100...

Ligne supprimée: user_pref("CommunityToolbar.twitter.user_19757371.LastCheckTime", "Sun Nov 14 2010 10:54:09 GMT+0100...

Ligne supprimée: user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Sun Nov 14 2010 10:54:09 GMT+0100")...

Ligne supprimée: user_pref("CommunityToolbar.twitter.user_807095.LastCheckTime", "Sun Nov 14 2010 10:54:09 GMT+0100")...

Ligne supprimée: user_pref("CommunityToolbar.twitter.user_813286.LastCheckTime", "Sun Nov 14 2010 10:54:09 GMT+0100")...

Ligne supprimée: user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sat Apr 02 2011 17:40:42 GMT+0200");

Ligne supprimée: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Fri Apr 08 2011 16:54:00 GMT+0200");

Ligne supprimée: user_pref("ConduitEngine.FirstServerDate", "11/11/2010 17");

Ligne supprimée: user_pref("ConduitEngine.FirstTime", true);

Ligne supprimée: user_pref("ConduitEngine.FirstTimeFF3", true);

Ligne supprimée: user_pref("ConduitEngine.HasUserGlobalKeys", true);

Ligne supprimée: user_pref("ConduitEngine.Initialize", true);

Ligne supprimée: user_pref("ConduitEngine.InitializeCommonPrefs", true);

Ligne supprimée: user_pref("ConduitEngine.InstalledDate", "Thu Nov 11 2010 16:21:35 GMT+0100");

Ligne supprimée: user_pref("ConduitEngine.IsMulticommunity", false);

Ligne supprimée: user_pref("ConduitEngine.IsOpenThankYouPage", false);

Ligne supprimée: user_pref("ConduitEngine.IsOpenUninstallPage", true);

Ligne supprimée: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Apr 11 2011 10:26:08 GMT+0200");

Ligne supprimée: user_pref("ConduitEngine.LastLogin_3.2.1.3", "Sun Nov 14 2010 10:51:53 GMT+0100");

Ligne supprimée: user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sat Apr 02 2011 17:22:43 GMT+0200");

Ligne supprimée: user_pref("ConduitEngine.LastLogin_3.3.3.2", "Mon Apr 11 2011 13:25:15 GMT+0200");

Ligne supprimée: user_pref("ConduitEngine.PublisherContainerWidth", 0);

Ligne supprimée: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);

Ligne supprimée: user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Apr 11 2011 13:25:15 GMT+0200");

Ligne supprimée: user_pref("ConduitEngine.UserID", "UN10782578942277415");

Ligne supprimée: user_pref("ConduitEngine.engineLocale", "fr");

Ligne supprimée: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Apr 11 2011 10:26:14 GMT+0200");

Ligne supprimée: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Apr 11 2011 10:14:51 GMT+0200");

Ligne supprimée: user_pref("ConduitEngine.initDone", true);

Ligne supprimée: user_pref("ConduitEngine.isAppTrackingManagerOn", true);

Ligne supprimée: user_pref("ConduitEngine.usagesFlag", 1);

Ligne supprimée: user_pref("browser.search.defaultengine", "Ask.com");

Ligne supprimée: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2542115&Sea...

Ligne supprimée: user_pref("browser.search.order.1", "Ask.com");

-- Fichier Fermé --

 

 

Clé supprimée: HKLM\Software\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}

Clé supprimée: HKLM\Software\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}

Clé supprimée: HKLM\Software\Classes\BHO.IFlashGetNetscapeEx

Clé supprimée: HKLM\Software\Classes\BHO.IFlashGetNetscapeEx.1

Clé supprimée: HKLM\Software\Classes\Conduit.Engine

Clé supprimée: HKLM\Software\Classes\Toolbar.CT2102473

Clé supprimée: HKLM\Software\Classes\Toolbar.CT2465030

Clé supprimée: HKLM\Software\Classes\Toolbar.CT2542115

Clé supprimée: HKLM\Software\Conduit

Clé supprimée: HKCU\Software\Toolbar

Clé supprimée: HKCU\Software\PriceGong

Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

 

Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

============== SCAN ADDITIONNEL ==============

 

**** Mozilla Firefox Version [3.6.16 (fr)] ****

 

HKLM_MozillaPlugins\@movenetworks.com/Quantum Media Player (x)

HKCU_MozillaPlugins\@movenetworks.com/Quantum Media Player (x)

Extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} (flashget3 Extension)

HKCU_Extensions|moveplayer@movenetworks.com - C:\Documents and Settings\Administrateur\Application Data\Move Networks

 

-- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\68fd25xy.default --

Extensions\en-GB@dictionaries.addons.mozilla.org (British English Dictionary)

Extensions\firebug@software.joehewitt.com (Firebug)

Extensions\fontfinder@bendodson.com (Font Finder)

Extensions\pencil@evolus.vn (Pencil)

Extensions\{1c491116-c175-45e1-a570-6fb14fea8b7b} (PHPNukeFR Community Toolbar)

Extensions\{4daac69c-cba7-45e2-9bc8-1044483d3352} (Softonic_France Community Toolbar)

Extensions\{A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2} (?)

Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} (Web Developer)

Extensions\{c671b520-abe9-11d8-8ebc-000c6e787bf7} (InspectorWidget)

Prefs.js - browser.download.lastDir, D:\\AppServ\\www\\i3lanat\\0000

Prefs.js - browser.search.defaultenginename, Google

Prefs.js - browser.startup.homepage, hxxp://www.google.fr/

Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.16

Prefs.js - keyword.URL, hxxp://www.bing.com/search?mkt=fr-FR&form=MIAWB1&q=

 

========================================

 

**** Internet Explorer Version [8.0.6001.18702] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_SearchScopes\{05CE69CA-A467-40B4-A6D0-D63850F144CC} - "Recherche sur Ebay" (hxxp://search.ebay.fr/search/search.dll?cgiurl=hxxp%3A%2F%2Fcgi.ebay.fr%2Fws%2F&...)

HKCU_SearchScopes\{0CACCF86-4D37-4DBE-9AAF-51C817A8A58C} - "Recherche sur Myspace" (hxxp://sads.myspace.com/Modules/Search/Pages/Search.aspx?fuseaction=advancedFind...)

HKCU_SearchScopes\{129F152A-0117-474E-80ED-DA48936E3976} - "Recherche sur Fnac.com" (hxxp://www3.fnac.com/search/quick.do?text={searchTerms}&category=-13&SID=e3e71fb...)

HKCU_SearchScopes\{48682094-7DFB-4581-9A68-A8414F1C4327} - "Recherche sur Linternaute" (hxxp://recherche.linternaute.com/cgi-bin/findall?KEYWORDS={searchTerms}&S=Linter...)

HKCU_SearchScopes\{5A171114-24D8-435B-8A2C-D28AC20D125C} - "Recherche sur Wikipedia" (hxxp://fr.wikipedia.org/wiki/Special:Search?search={searchTerms})

HKCU_SearchScopes\{770A317A-D33D-41E4-8BFD-22CCD72426A0} - "Recherche sur Facebook" (hxxp://www.facebook.com/s.php?src=os&q={searchTerms})

HKCU_SearchScopes\{7780F183-7385-4512-8AC8-F4E401767900} - "Recherche sur cnet.com" (hxxp://cnet.search.com/search?q={searchTerms})

HKCU_SearchScopes\{91821537-42FB-4108-AF1C-851E2C002716} - "Recherche sur Yahoo!" (hxxp://search.yahoo.fr/search?p={searchTerms}&ei=utf-8&fr=b2ie7)

HKCU_SearchScopes\{99155D35-BF19-45A0-A055-B51491CF7947} - "Recherche sur TousLesDrivers.com" (hxxp://www.touslesdrivers.com/index.php?v_page=25&v_mots={searchTerms})

HKCU_SearchScopes\{B7059C95-CACB-4228-AC0E-64094F26A974} - "Recherche sur MTV.com" (hxxp://www.mtv.com/search/index.jhtml?searchterm={searchTerms}&searchtype=all)

HKCU_SearchScopes\{C275CF6F-22D6-4939-B6B4-91293CA904F9} - "Recherche sur Cdiscount" (hxxp://www.cdiscount.com/mag/search_global.asp?navid=10&search_sinequa={searchTe...)

HKCU_SearchScopes\{FA570E6D-BDB5-46EA-9425-63B9B469D4B2} - "Recherche sur Microsoft" (hxxp://search.microsoft.com/results.aspx?mkt=fr-FR&setlang=fr-FR&q={searchTerms})

HKCU_ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} - D:\Program Files\Internet Download Manager\IEMonitor.exe (x)

HKCU_ElevationPolicy\{2E422264-6D8A-4ca0-97C7-A2CF868471EA} - C:\Documents and Settings\Administrateur\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe (?)

HKCU_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - D:\Program Files\Internet Download Manager\IDMan.exe (x)

HKLM_ElevationPolicy\26cdc9d6-5e57-49fe-8075-6620fba472f4 - C:\Program Files\mipony-plugin\mipony-pluginToolbarHelper.exe (x)

HKLM_ElevationPolicy\40a76a6d-dd38-4ece-be33-acf9f1e6a430 - C:\Program Files\mipony-plugin\mipony-pluginToolbarHelper.exe (x)

HKLM_ElevationPolicy\{08E8D305-8D6D-49fe-8603-03A926E46AE0} - C:\Program Files\Fichiers communs\Adobe\Updater6\Adobe_Updater.exe (x)

HKLM_ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} - C:\Program Files\Java\jre6\bin\ssvagent.exe (x)

HKLM_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - d:\Program Files\Internet Download Manager\IDMan.exe (x)

HKLM_Extensions\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - "Statistiques d’Anti-Virus Internet" (C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll,102)

HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)

BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

BHO\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - "FlashGetBHO" (C:\Documents and Settings\Administrateur\Application Data\FlashGetBHO\FlashGetBHO3.dll)

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 142 Fichier(s)

C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

 

C:\Ad-Report-CLEAN[1].txt - 11/04/2011 13:48:31 (13521 Octet(s))

C:\Ad-Report-SCAN[0].txt - 11/04/2011 13:47:41 (19677 Octet(s))

C:\Ad-Report-SCAN[1].txt - 11/04/2011 13:46:46 (19677 Octet(s))

 

Fin à: 13:49:31, 11/04/2011

 

============== E.O.F ==============

 

Je suis en train de faire une recherche avec Malwarebyte.

 

Merci.

Modifié par apt

apt Mega Power Member

apt

Posté(e)
  • Auteur
Posté(e)

Voila le rapport Malwarebytes :

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Version de la base de données: 6331

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

 

11/04/2011 17:14:23

mbam-log-2011-04-11 (17-14-23).txt

 

Type d'examen: Examen complet (C:\|D:\|)

Elément(s) analysé(s): 265154

Temps écoulé: 1 heure(s), 8 minute(s), 34 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 175

Valeur(s) du Registre infectée(s): 4

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 35

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\799d.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiU.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AoYun.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appdllman.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp2.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp3.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastU3.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvU3Launcher.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cross.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Discovery.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DSMain.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filmst.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ghost.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guangd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\irsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jisu.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernelwind32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.com (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logogo.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pagefile.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pagefile.pif (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfserver.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qheart.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctorMain.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctorRtp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQSC.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravcopy.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsTray.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanU3.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDGames.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SelfUpdate.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\servet.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sos.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREngPS.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stormii.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sxgame.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TNT.Exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TxoMoU.Exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UFO.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USBCleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wbapp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Wsyscheck.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\XDelBox.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\XP.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zhudongfangyu.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zjb.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~.exe (Security.Hijack) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\exefile\NeverShowExt (Risk.HiddenExt) -> Value: NeverShowExt -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Agent) -> Value: wuaucldt -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> Delete on reboot.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

c:\documents and settings\administrateur\local settings\application data\thinstall\Cache\Stubs\35a11b10453b379a961c86ea83edf06cbfbdf5b4\rapidphp.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b2d1c476-6522-4438-b311-91837c498260}\RP128\A0062649.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b2d1c476-6522-4438-b311-91837c498260}\RP129\A0062746.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b2d1c476-6522-4438-b311-91837c498260}\RP129\A0062747.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b2d1c476-6522-4438-b311-91837c498260}\RP129\A0062748.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b2d1c476-6522-4438-b311-91837c498260}\RP130\A0062773.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b2d1c476-6522-4438-b311-91837c498260}\RP130\A0062775.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b2d1c476-6522-4438-b311-91837c498260}\RP130\A0062810.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b2d1c476-6522-4438-b311-91837c498260}\RP130\A0062812.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b2d1c476-6522-4438-b311-91837c498260}\RP130\A0062813.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b2d1c476-6522-4438-b311-91837c498260}\RP130\A0062849.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b2d1c476-6522-4438-b311-91837c498260}\RP130\A0062774.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b2d1c476-6522-4438-b311-91837c498260}\RP130\A0062848.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b2d1c476-6522-4438-b311-91837c498260}\RP130\A0063028.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b2d1c476-6522-4438-b311-91837c498260}\RP130\A0063452.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b2d1c476-6522-4438-b311-91837c498260}\RP130\A0063548.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b2d1c476-6522-4438-b311-91837c498260}\RP130\A0063991.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\cedfotqb$.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\VRT11.tmp (Trojan.Downloader) -> Delete on reboot.

c:\WINDOWS\Temp\VRT12.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\WINDOWS\bricopacks\SysFiles\79_iexplore.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\WINDOWS\bricopacks\SysFiles\7_calc.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

d:\st2\portable blumentals rapid php 2010 v10.1.0.119.exe (Trojan.Agent) -> Quarantined and deleted successfully.

d:\WINDOWS\bricopacks\vista inspirat 2\packfiles\7_calc.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\all users\Bureau\¸ؤ±نؤمµؤز»ةْ.url (Malware.Traces) -> Quarantined and deleted successfully.

c:\documents and settings\all users\Bureau\أâ·رµçس°c.url (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\all users\Bureau\intennet exploner.lnk (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\all users\Bureau\جش±¦¹؛خïa.url (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\administrateur\Favoris\&çح·×حّض·µ¼؛½&.url (Malware.Trace) -> Quarantined and deleted successfully.

c:\MFILES\winlogon.exe (Worm.Autorun) -> Quarantined and deleted successfully.

c:\documents and settings\all users\menu démarrer\programmes\démarrage\1681.lnk (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\wuaucldt.exe (Trojan.Agent) -> Delete on reboot.

c:\documents and settings\administrateur\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\administrateur\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.

apt Mega Power Member

apt

Posté(e)
  • Auteur
Posté(e)

Au redemarrage, KAV a éliminer des fichiers infectés du systeme.

 

Windows ne démarre pas bien !

 

Réinstaalation de windows.

 

Mais je doute encore que le virus ait été éradiquer !

 

Une solution ?

lance_yien Full Patch Member

lance_yien

Posté(e)
Posté(e)

Bonjour apt,

 

Très Important!

 

exclam.gif>>> A faire immédiatement:

- En haut de ce message cliquer sur le bouton "Suivre ce sujet", en choisissant "Notification immédiate" => "Soumettre" tu seras avisé en temps réel pour les réponses apportées à ton sujet et de ce fait, ta machine sera nettoyée dans les meilleurs délais.

- Sauvegarder (en copiant) tous les documents personnels sur un support autre que la partition système: Clé USB, CD/DVD, Disque Dur externe etc.

 

exclam.gif>>> Que faire durant ce nettoyage, merci de NE PAS utiliser, installer et/ou désinstaller aucun programme à part ceux qui sont proposés à chaque étape ce qui a pour but d'éviter tout problème d'incompatibilité entre les outils.

 

exclam.gif>>> Que faire à la réception de nouvelles instructions,

  • Lire la totalité du message.
  • TOUS LES UTILITAIRES doivent être lancés depuis le Bureau (sauf indication spécifique). Aussi, il est demandé de les télécharger et enregistrer DIRECTEMENT sur le Bureau ou les déplacer (tout de suite après par un clic-droit dessus => "Couper" puis clic-droit sur le Bureau => "Coller".
    Certains programmes peuvent créer des problèmes s'ils ne sont pas lancés depuis le Bureau.
  • Prendre l'habitude de désactiver tous les programmes de protection au début de chaque nouvelle étape et de les réactiver à la fin.
  • Procéder toujours dans l'ordre donné et demander des clarifications si nécessaire AVANT de commencer.
  • NE PAS hésiter à commenter et signaler tout changement (en bien ou en mal) dans le comportement de la machine ou par rapport au problème initial.

exclam.gif>>> Comment répondre:

- Cliquer sur le bouton zeb_bouton.png (et non sur zeb-bouton2.png car je n'ai pas besoin de relire mes messages précédents).

- Coller le contenu des rapports SANS y ajouter AUCUN formatage de texte (en citation, code, couleur etc...).

 

exclam.gif>>> Ne pas abandonner son sujet avant d'avoir été informé(e) que tout et OK.

 

Explique pourquoi tu doutes "encore que le virus ait été éradiquer !"

--

 

Imprimer ces instructions ou les enregistrer dans un fichier texte sur le Bureau pour les consulter facilement à tout moment et télécharger, sur le Bureau:

  • OTL (par OldTimer) depuis ici ou ici.
  • Security Check (par screen317) depuis ici ou ici.

 

>>> Utiliser OTL: Fermer toutes les applications et fenêtres ouvertes et double-cliquer sur OTL.exe (Vista/ Windows7, cliquer-droit dessus => Exécuter en tant qu'Admin).

Copiez/ Collez ces lignes (commençant par netsvcs) dans l'espace sous "Personnalisation":

netsvcs

drivers32

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

CREATERESTOREPOINT

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

SAVEMBR:0

Sans rien changer, cliquer sur le bouton bleu Analyse et laisser faire.

A la fin du scan, 2 rapports seront créés: OTL.txt (qui s'ouvre dans le bloc-note) et Extras.txt (qui sera minimisé dans la Barre des tâches).

 

Copier/ Coller le contenu de chaque rapport, un seul par message parce qu'ils sont souvent très longs et dépassent la limite autorisée par le forum.

 

 

>>> Utiliser SecurityCheck: Fermer tout et double-cliquer sur "SecurityCheck.exe" pour lancer le programme.

Appuyer sur une touche comme demandé et suivre les indications.

Note: Si un des programmes de sécurité demande la permission d'accéder à Internet depuis dig.exe, acceptez.

Le Rapport checkup.txt s'ouvre à la fin. Poster son contenu.

Ce rapport ne sera pas enregistré automatiquement. Si vous voulez en garder une copie, cliquez sur "Fichier" => "Enregistrer sous", choisissez un endroit (Bureau par exemple) et cliquez sur "Enregistrer" en bas à droite.

Poster son contenu.

 

 

Rapports demandés:

  • OTL.txt
  • Extras.txt
  • checkup.txt

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...