Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

213 fichiers infectés (Résolu)

sylwya

Par sylwya
dans Analyses et éradication malwares

 Partager

Messages recommandés

sylwya Mega Power Member

sylwya

Posté(e)
Posté(e) (modifié)

Bonsoir

 

J'ai passé cet après midi mbam,sur le PC d'une amie, qui ramait et pour sur lequel j'ai été obligée de me mettre en mode sans echec, avec prise en charge réseau pour télécharger MBAM et avira.

 

elle n'avait pas d'antivirus !!!!!

 

J'ai mis en quarantaine toutes les bestioles trouvées mais y at-il d'autres vérifications à effectuer compte tenu de la situation :outch: pas d'antivirus :outch:

 

C'est un PC portable ACER aspire 5520 - vista 32 bits

 

De plus, depuis mars 2010 elle ne semble plus pouvoir mettre à jour windows update, échec, échec, échec :-? est-ce lié aux bestioles ? sinon je ferais un autre sujet après nettoyage

 

Merci de votre aide

 

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

 

Version de la base de données: 6617

 

Windows 6.0.6000 (Safe Mode)

Internet Explorer 7.0.6000.16916

 

19/05/2011 16:56:35

mbam-log-2011-05-19 (16-56-34).txt

 

Type d'examen: Examen complet (C:\|D:\|)

Elément(s) analysé(s): 252595

Temps écoulé: 38 minute(s), 37 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 119

Valeur(s) du Registre infectée(s): 4

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 34

Fichier(s) infecté(s): 56

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\CLSID\{064C57B4-B9EC-425F-B9B3-BCEFFEEA74D9} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{CA295D63-514A-4ED0-9B5F-640890F2366B} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{B0E8C398-DABE-4CE1-B4D9-ED43B64923F5} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\SmartShopper.HbAx.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\SmartShopper.HbAx (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\SmartShopper.SmrtShprCtl.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\SmartShopper.SmrtShprCtl (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0755E4F0-3F92-4A67-AD14-E9F287F76FBC} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\SmartShopper.IEButtonB.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\SmartShopper.IEButtonB (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\SmartShopper.HbInfoBand.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\SmartShopper.HbInfoBand (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{137E6E5E-A205-4657-A49F-1AB865787089} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{14113B47-D59C-4F0F-9D10-FF1730265584} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{148E1447-C728-48FD-BEEC-A7D06C5FFF58} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{8EE46F55-1CE1-4DB9-811A-68938EC7F3DD} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CntntCntr.CntntDic.1 (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CntntCntr.CntntDic (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{2260D608-C844-435D-90FD-DC16CFA577F2} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\SmartShopper.IEButton.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\SmartShopper.IEButton (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{2F9AD413-2E0B-4a85-BB2A-CF961238262A} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{69725738-CD68-4F36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{ABEC1835-3181-4ABD-8DDE-875AEC4DF6D2} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{0AF9A087-0CBF-46B2-9DC9-52D0D16B5AB6} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Wallpaper.WallpaperManager.1 (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Wallpaper.WallpaperManager (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{69725738-CD68-4F36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4F36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA} (Adware.Softomate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{03D7FF6E-9781-40B5-BB7F-94291A361604} (Adware.Softomate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3CEB04AB-08AF-45F4-81B4-70D13C1F7B85} (Adware.Softomate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Srv.CoreServices.1 (Adware.Softomate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Srv.CoreServices (Adware.Softomate) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{A3E67DAA-DA01-4da5-98BE-3088B554A11E} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{76D54105-99EB-4ECB-95B2-A944F50CC566} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HotbarAX.UserProfiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HotbarAX.UserProfiles (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A3E67DAA-DA01-4DA5-98BE-3088B554A11E} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{8292078F-F6E9-412B-8EB1-360C05C5ECE5} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2447E305-5E90-42A8-BD1E-0BC333B807E1} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HostOL.MailAnim.1 (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{A9C42A57-421C-4572-8B12-249C59183D1C} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CntntCntr.CntntDisp.1 (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CntntCntr.CntntDisp (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{BCEB373D-A35A-4200-BD43-8586CD9DFAE7} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\SmartShopper.IEButtonA.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\SmartShopper.IEButtonA (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{CC19A5F2-B4AD-41D5-A5C9-0680904C1483} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HostOL.WebmailSend.1 (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HostOL.WebmailSend (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{D95C7240-0282-4c01-93F5-673BCA03DA86} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HotbarAX.ClientDetector.1 (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HotbarAX.ClientDetector (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D95C7240-0282-4C01-93F5-673BCA03DA86} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D95C7240-0282-4C01-93F5-673BCA03DA86} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{2615F050-9C18-4267-B711-8E3687DC0145} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{CB0D9D8C-535E-4352-BA8F-65C3C8676612} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{08AA0598-6A23-4364-9BF4-6D5F57F42993} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDDBB5EE-BB64-4bfc-9DBE-E7C85941335B} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HotbarSA (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CoreSrv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CoreSrv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CoreSrv.LfgAx (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CoreSrv.LfgAx.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HbCoreSrv.DynamicProp (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HbCoreSrv.DynamicProp.1 (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HBMain.CommBand (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HBMain.CommBand.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbr.HbMain (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbr.HbMain.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HostIE.Bho (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HostIE.Bho.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\InstIE.HbInstObj (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\InstIE.HbInstObj.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingReport.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingReport.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingReport.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingReport.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingReport.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingReport.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingReport.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingReport.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingReport.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingReport.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\IGB (Rogue.Residue) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Value: Windows UDP Control Center -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\Hotbar@Hotbar.com (Adware.Hotbar) -> Value: Hotbar@Hotbar.com -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.

c:\Users\melun\AppData\Roaming\Hotbar (Adware.Hotbar) -> Delete on reboot.

c:\programdata\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\Users\melun\AppData\Roaming\weatherdpa (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\Users\melun\AppData\Roaming\weatherdpa\Weather (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\Users\melun\AppData\Roaming\weatherdpa\Weather\weatherdpa (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\Users\melun\AppData\Roaming\weatherdpa\Weather\weatherdpa\weather_xml (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

c:\program files\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0 (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\firefox\extensions\components (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\internetgamebox (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources\favoris (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources\favoris\content (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources\favoris\content\favoris (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources\favoris\content\favoris\pacman (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources\favoris\content\favoris\sonic (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources\favoris\xml (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.

c:\program files\shoppingreport\Bin (Adware.ShopperReports) -> Quarantined and deleted successfully.

c:\program files\shoppingreport\Bin\2.5.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.

c:\program files\smartshopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

c:\program files\smartshopper\Bin (Adware.SmartShopper) -> Quarantined and deleted successfully.

c:\program files\smartshopper\Bin\2.5.0 (Adware.SmartShopper) -> Quarantined and deleted successfully.

c:\program files\smartshopper\cs (Adware.SmartShopper) -> Quarantined and deleted successfully.

c:\program files\smartshopper\cs\antiphishing (Adware.SmartShopper) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\smartshopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

c:\program files\smartshopper\Bin\2.5.0\SmrtShpr.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\cntntcntr.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\wallpaper.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\Srv.exe (Adware.Softomate) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\hotbarsaax.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\HostOL.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\Cml.exe (Adware.Seekmo) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\hotbarsadf.exe (Adware.Seekmo) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\hotbaruninstaller.exe (Adware.Seekmo) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\launchhelp.dll (Adware.Seekmo) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\WeSkin.dll (Adware.Seekmo) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\firefox\extensions\plugins\npclntax_hotbarsa.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\Windows\fxsteller.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\programdata\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\programdata\HotbarSA\hotbarsaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\programdata\HotbarSA\hotbarsaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\programdata\HotbarSA\hotbarsaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\programdata\HotbarSA\hotbarsa_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\Users\melun\AppData\Roaming\weatherdpa\Weather\weatherstartup.xml (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\arrow.ico (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\copyright.txt (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\link.ico (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\firefox\extensions\chrome.manifest (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\Hotbar\bin\10.2.232.0\firefox\extensions\components\npclntax.xpt (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\language (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources\attenteoff.html (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources\attenteon.html (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources\configv2_en.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources\configv2_es.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources\configv2_fr.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources\favoris\catalogue.html (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources\favoris\defaultv2.swf (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources\favoris\content\favoris\pacman\pacman.html (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources\favoris\content\favoris\pacman\pacman.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources\favoris\content\favoris\pacman\pacman.swf (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources\favoris\content\favoris\sonic\sonic.html (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources\favoris\content\favoris\sonic\sonic.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources\favoris\content\favoris\sonic\sonic.swf (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\ressources\favoris\xml\favoris.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\internetgamebox\skins\skinv2.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.

c:\program files\smartshopper\Uninst.exe (Adware.SmartShopper) -> Quarantined and deleted successfully.

c:\program files\smartshopper\cs\antiphishing\antiphishing.html (Adware.SmartShopper) -> Quarantined and deleted successfully.

c:\program files\smartshopper\cs\antiphishing\phishalert.gif (Adware.SmartShopper) -> Quarantined and deleted successfully.

c:\program files\smartshopper\cs\antiphishing\x.gif (Adware.SmartShopper) -> Quarantined and deleted successfully.

c:\program files\smartshopper\cs\antiphishing\xActive.gif (Adware.SmartShopper) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\reset cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\uninstall hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\Weather.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\smartshopper - comapre product prices.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\smartshopper - compare travel rate.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\smartshopper help.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\uninstall smartshopper.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.

Modifié par sylwya

Apollo Devil Member !

Apollo

Posté(e)
Posté(e)

Bonsoir Miss,

 

Mbam n'est pas à jour sinon ce serait encore pire je pense. :o:mhh:

 

Veille à bien installer la dernière mise à jour ;)

 

ZHPDiag :

 

  • Télécharge ZHPDiag de Nicolas Coolman. et enregistre-le sur le BUREAU.
     
     
  • Double-clique sur ZHPDiag.exe pour lancer l'installation
    • Important:
      Sous Vista et Windows 7 : il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur

N'oublie pas de cocher la case qui permet de mettre un raccourci sur le Bureau.

 

[*]L'outil a créé 2 icônes ZHPDiag et ZHPFix sur le Bureau.

 

[*]Double-clique sur ZHPDiag pour lancer l'exécution

  • Important:
    Sous Vista et Windows 7 : il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur

 

[*]Clique sur le tournevis. tourneviszhpdiag.jpg

[*]Clique sur la loupe loupe_10.jpg pour lancer l'analyse. Tu patientes jusqu'à ce que le scan affiche 100%

Tu refermes ZHPDiag

 

[*]Le rapport ZHPDiag.txt se trouve sur le Bureau.

Ce rapport étant trop long pour le forum, héberge le :

 

@++

  • Upvote 1
Apollo Devil Member !

Apollo

Posté(e)
Posté(e)

Bonjour,

 

Y'en a partout.

 

Télécharge Ad-Remover de C-XX et Enregistre-le sur le bureau.

 

http://www.teamxscript.org/adremoverTelechargement.html

 

Ferme toutes les applications ouvertes pour l'installer.

 

Sous XP: Double-clique, (Clic droit/exécuter comme administrateur pour Vista/7) sur l'icône placée sur le bureau.

 

Si le firewall se manifeste, accorde les autorisations à l'outil pour qu'il puisse travailler.

 

Clique sur scanner

 

Ad-Remover1.jpg

 

Le rapport se trouve aussi sous C:\Ad-Report Scan.

Copie/colle-le dans ta réponse stp.

 

 

----------------------------------------------------

 

Relance Ad-Remover et cette fois, clique sur Nettoyer

 

Le bureau va disparaître, c'est normal.

 

Le rapport à poster sera sur C:\Ad-Report Clean.

 

*** Poste les deux rapports stp.

 

-------------------------------------------

 

Relance Ad-Remover et clique sur Désinstaller.

 

@++

  • Upvote 1
sylwya Mega Power Member

sylwya

Posté(e)
  • Auteur
Posté(e)

Coucou Apollo

 

Je ne suis pas étonnée de lire "y en a partout" car pas d'antivirus :outch: cela je ne m'en remettrais pas, sachant que j'ai vu qu'il y a eu un temps où Emule fut installé sur le Pc puis désinstaller (je pense mal désinstallé) car il reste des tas de fichiers Emule impossible à supprimer :mhh: Mais bon peut être que le gentil nettyage que tu me demandes de faire va les éradiquer !?

 

Voici rapport Scan

 

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

 

Mis à jour par TeamXscript le 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

Site web: http://www.teamxscript.org

 

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 12:27:32 le 20/05/2011, Mode normal

 

Microsoft® Windows Vista Édition Familiale Basique (X86)

melun@PC-DE-MELUN (Acer Aspire 5520)

 

============== RECHERCHE ==============

 

 

Fichier trouvé: C:\Users\melun\AppData\Local\qiokuqi.bat

Fichier trouvé: C:\Users\melun\AppData\Local\qiokuqi.dat

Dossier trouvé: C:\ProgramData\GamesBar

Dossier trouvé: C:\Users\melun\AppData\LocalLow\Hotbar

Dossier trouvé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox

Dossier trouvé: C:\Users\melun\AppData\LocalLow\ShoppingReport

Dossier trouvé: C:\ProgramData\Trymedia

Dossier trouvé: C:\Users\melun\AppData\Roaming\EoRezo

Dossier trouvé: C:\Users\melun\AppData\Roaming\ItsLabel

Dossier trouvé: C:\ProgramData\Kiwee Toolbar2

Fichier trouvé: C:\Users\melun\AppData\Local\ocnbgj_nav.dat

Fichier trouvé: C:\Users\melun\AppData\Local\ocnbgj.dat

Fichier trouvé: C:\Users\melun\AppData\Local\ocnbgj_navps.dat

Fichier trouvé: C:\Users\melun\AppData\Local\qiokuqi_nav.dat

Fichier trouvé: C:\Users\melun\AppData\Local\qiokuqi_navps.dat

 

Clé trouvée: HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}

Clé trouvée: HKLM\Software\Classes\AppID\{E142D053-7023-4B33-AF22-91F14202142D}

Clé trouvée: HKLM\Software\Classes\Interface\{819DB72D-1C28-4387-9778-E2FF3DC86F74}

Clé trouvée: HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}

Clé trouvée: HKLM\Software\Classes\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}

Clé trouvée: HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}

Clé trouvée: HKLM\Software\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}

Clé trouvée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qiokuqi

Clé trouvée: HKLM\Software\Classes\EoRezoBHO.EoBho

Clé trouvée: HKLM\Software\Classes\EoRezoBHO.EoBho.1

Clé trouvée: HKLM\Software\Classes\Toolbar.CT2031308

Clé trouvée: HKLM\Software\Classes\AppID\EoRezoBHO.DLL

Clé trouvée: HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}

Clé trouvée: HKLM\Software\Conduit

Clé trouvée: HKLM\Software\Trymedia Systems

Clé trouvée: HKLM\Software\AppDataLow\Software\Conduit

Clé trouvée: HKCU\Software\ItsLabel

Clé trouvée: HKCU\Software\Lanconfig

Clé trouvée: HKCU\Software\AppDataLow\Software\Hotbar

Clé trouvée: HKCU\Software\AppDataLow\Software\ShoppingReport

Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{41427F18-E891-4297-BD8C-4BB0E8EAF99F}

Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\HotbarSA

Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport

Clé trouvée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A

Clé trouvée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F

Clé trouvée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A

Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}

Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}

Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}

Clé trouvée: HKLM\Software\Microsoft\Code Store Database\Distribution Units\CabBuilder

 

Valeur trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo jimddp

Valeur trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo hpfanicgkffmccehnpkikogcffaepkfp

Valeur trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo dgnckdmmolaijpbbakmplfhlfpdhglgc

Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|Hotbar 10.2.232.0

Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}

 

 

============== SCAN ADDITIONNEL ==============

 

**** Internet Explorer Version [7.0.6000.16916] ****

 

HKCU_Main|SearchMigratedDefaultURL - hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

HKCU_Main|Search bar - hxxp://recherche.neuf.fr/ie/default.html

HKCU_Main|Search Page - hxxp://recherche.neuf.fr/

HKCU_Main|Start Page - hxxp://mystart.incredimail.com/

HKLM_Main|Default_Page_URL - hxxp://fr.fr.acer.yahoo.com

HKLM_Main|Default_Search_URL - hxxp://recherche.neuf.fr/

HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Start Page - hxxp://eo.st

AboutUrls|Tabs - hxxp://www.lo.st

HKCU_SearchScopes\{41427F18-E891-4297-BD8C-4BB0E8EAF99F} - "Hotbar Search" (hxxp://resultsmaster.com/SmartOffers/SmartOffers.aspx?HBHintSVC=resultsmaster&HB...)

HKCU_SearchScopes\{CD10120B-C165-4f8d-8C74-639629E238FF} - "MyStart Search" (hxxp://mystart.magentic.com/?search={searchTerms}&loc=search_box)

HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (x)

HKCU_Toolbar\WebBrowser|{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} (x)

HKCU_ElevationPolicy\{3A8C4379-021C-4B52-913C-5CC5A06CCBF2} - c:\program files\Google\googletoolbar1user.exe (?)

HKLM_ElevationPolicy\553f3840-b2a0-47b0-8cc1-6a6c1fa8cb6d - C:\Program Files\DigitalPowered\DigitalPoweredToolbarHelper.exe (x)

HKLM_ElevationPolicy\{39A895E9-93DD-4ffa-A4A3-2C14608B5B61} - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1100465.EXE (x)

HKLM_ElevationPolicy\{44270ABA-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (?)

HKLM_ElevationPolicy\{44295CB8-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (?)

HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)

BHO\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - "Windows Live OneCare Family Safety Browser Helper Class" (C:\Program Files\Windows Live\Contrôle parental\fssbho.dll)

BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

BHO\{64F56FC1-1272-44CD-BA6E-39723696E350} (?)

BHO\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} (?)

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)

C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

 

C:\Ad-Report-SCAN[1].txt - 20/05/2011 12:27:58 (6808 Octet(s))

 

Fin à: 12:28:39, 20/05/2011

 

============== E.O.F ==============

 

Et voici rapport clean

 

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

 

Mis à jour par TeamXscript le 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

Site web: http://www.teamxscript.org

 

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 12:43:06 le 20/05/2011, Mode normal

 

Microsoft® Windows Vista Édition Familiale Basique (X86)

melun@PC-DE-MELUN (Acer Aspire 5520)

 

============== ACTION(S) ==============

 

 

Fichier supprimé: C:\Users\melun\AppData\Local\qiokuqi.bat

Fichier supprimé: C:\Users\melun\AppData\Local\qiokuqi.dat

Dossier supprimé: C:\ProgramData\GamesBar

Dossier supprimé: C:\Users\melun\AppData\LocalLow\Hotbar

Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox

Dossier supprimé: C:\Users\melun\AppData\LocalLow\ShoppingReport

Dossier supprimé: C:\ProgramData\Trymedia

Dossier supprimé: C:\Users\melun\AppData\Roaming\EoRezo

Dossier supprimé: C:\Users\melun\AppData\Roaming\ItsLabel

Dossier supprimé: C:\ProgramData\Kiwee Toolbar2

Fichier supprimé: C:\Users\melun\AppData\Local\ocnbgj_nav.dat

Fichier supprimé: C:\Users\melun\AppData\Local\ocnbgj.dat

Fichier supprimé: C:\Users\melun\AppData\Local\ocnbgj_navps.dat

Fichier supprimé: C:\Users\melun\AppData\Local\qiokuqi_nav.dat

Fichier supprimé: C:\Users\melun\AppData\Local\qiokuqi_navps.dat

 

(!) -- Fichiers temporaires supprimés.

 

 

Clé supprimée: HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}

Clé supprimée: HKLM\Software\Classes\AppID\{E142D053-7023-4B33-AF22-91F14202142D}

Clé supprimée: HKLM\Software\Classes\Interface\{819DB72D-1C28-4387-9778-E2FF3DC86F74}

Clé supprimée: HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}

Clé supprimée: HKLM\Software\Classes\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}

Clé supprimée: HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}

Clé supprimée: HKLM\Software\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}

Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qiokuqi

Clé supprimée: HKLM\Software\Classes\EoRezoBHO.EoBho

Clé supprimée: HKLM\Software\Classes\EoRezoBHO.EoBho.1

Clé supprimée: HKLM\Software\Classes\Toolbar.CT2031308

Clé supprimée: HKLM\Software\Classes\AppID\EoRezoBHO.DLL

Clé supprimée: HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}

Clé supprimée: HKLM\Software\Conduit

Clé supprimée: HKLM\Software\Trymedia Systems

Clé supprimée: HKLM\Software\AppDataLow\Software\Conduit

Clé supprimée: HKCU\Software\ItsLabel

Clé supprimée: HKCU\Software\Lanconfig

Clé supprimée: HKCU\Software\AppDataLow\Software\Hotbar

Clé supprimée: HKCU\Software\AppDataLow\Software\ShoppingReport

Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{41427F18-E891-4297-BD8C-4BB0E8EAF99F}

Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\HotbarSA

Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport

Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A

Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F

Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A

Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}

Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}

Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}

Clé supprimée: HKLM\Software\Microsoft\Code Store Database\Distribution Units\CabBuilder

 

Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo jimddp

Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo hpfanicgkffmccehnpkikogcffaepkfp

Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo dgnckdmmolaijpbbakmplfhlfpdhglgc

Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|Hotbar 10.2.232.0

Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}

 

 

============== SCAN ADDITIONNEL ==============

 

**** Internet Explorer Version [7.0.6000.16916] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_SearchScopes\{CD10120B-C165-4f8d-8C74-639629E238FF} - "MyStart Search" (hxxp://mystart.magentic.com/?search={searchTerms}&loc=search_box)

HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (x)

HKCU_ElevationPolicy\{3A8C4379-021C-4B52-913C-5CC5A06CCBF2} - c:\program files\Google\googletoolbar1user.exe (?)

HKLM_ElevationPolicy\553f3840-b2a0-47b0-8cc1-6a6c1fa8cb6d - C:\Program Files\DigitalPowered\DigitalPoweredToolbarHelper.exe (x)

HKLM_ElevationPolicy\{39A895E9-93DD-4ffa-A4A3-2C14608B5B61} - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1100465.EXE (x)

HKLM_ElevationPolicy\{44270ABA-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (?)

HKLM_ElevationPolicy\{44295CB8-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (?)

HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)

BHO\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - "Windows Live OneCare Family Safety Browser Helper Class" (C:\Program Files\Windows Live\Contrôle parental\fssbho.dll)

BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

BHO\{64F56FC1-1272-44CD-BA6E-39723696E350} (?)

BHO\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} (?)

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 641 Fichier(s)

C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

 

C:\Ad-Report-CLEAN[1].txt - 20/05/2011 12:43:17 (6846 Octet(s))

C:\Ad-Report-SCAN[1].txt - 20/05/2011 12:27:58 (6946 Octet(s))

 

Fin à: 12:44:17, 20/05/2011

 

============== E.O.F ==============

 

 

 

 

dis je ne rève pas, je vois bien 641 mises en quarantaine en + des 213 déjà mis en quarantaine par MBAM !!!!!!!! :eek2:

Apollo Devil Member !

Apollo

Posté(e)
Posté(e)

Re,

 

de plus aucun service pack n'est installé sur ce Vista... bref un gruyère.

 

Si vous êtes sous Vista/seven:, Désactiver provisoirement l'UAC

 

:arrow: Télécharge USBFIX de TeamXscript et enregistre le sur ton bureau.

 

http://www.teamxscript.org/usbfixTelechargement.html

 

NB: Certains antivirus hurlent sur les processus de l'outil; c'est un faux-positif, ignorer les alertes ou désactiver provisoirement l'antivirus. Si vous ne savez pas comment faire, reportez-vous à cet article.

 

  • Si tu es sous XP, Double-clique sur USBFix.exe pour le lancer.
    Si tu es sous Vista, Clique droit sur USBFix.exe et choisis Exécuter en tant qu'administrateur.
     
  • Clique sur Recherche et laisse l'outil travailler
     
  • Une fenêtre de te demandant de bancher tous les périphériques externes que tu as pu utiliser ces derniers jours (clés USB, lecteurs MP3, disques durs externes, etc ...) va apparaitre.
    Branche le matériel puis clique sur OK pour poursuivre.
     
  • Patiente le temps d'exécution du scan.
     
  • A la fin, un rapport va être généré (C:/USBFix.txt). Copie-colle l'intégralité de son contenu dans ta prochaine réponse.

 

------------------------------------------

 

  • Si tu es sous XP, Double-clique sur USBFix.exe pour le lancer.
    Si tu es sous Vista, Clique droit sur USBFix.exe et choisis Exécuter en tant qu'administrateur.
     
  • Clique sur Suppression et laisse travailler l'outil.
     
  • Une fenêtre de te demandant de bancher tous les périphériques externes que tu as pu utiliser ces derniers jours (clés USB, lecteurs MP3, disques durs externes, etc ...) va apparaitre.
    Branche le matériel puis clique sur OK pour poursuivre.
     
  • USBFix va continuer son exécution. Le bureau va disparaitre et ne sera plus accessible tout le temps du scan. Ne t'inquiète pas, c'est normal. Patiente le temps du nettoyage sans l'interrompre.
     
  • A la fin, un rapport va être généré (C:/USBFix.txt). Copie-colle l'intégralité de son contenu dans ta prochaine réponse.

 

--------------------------------------------------------------

 

Vaccination: Lance USBFIX et clique sur Vacciner

 

Désinstall:

 

Lance USBFIX et clique sur Désinstaller

 

Réactiver l'UAC sous Vista/7.

 

@++

  • Upvote 1
sylwya Mega Power Member

sylwya

Posté(e)
  • Auteur
Posté(e) (modifié)

Voici le rapport 1

 

############################## | UsbFix 7.045 | [Recherche]

 

Utilisateur: melun (Administrateur) # PC-DE-MELUN [Acer Aspire 5520]

Mis à jour le 15/05/2011 par TeamXscript

Lancé à 13:36:25 | 20/05/2011

Site Web: http://www.teamxscript.org

Submit your sample: http://www.teamxscript.org/Upload.php

Contact: TeamXscript.ElDesaparecido@gmail.com

 

CPU: AMD Athlon 64 X2 Dual-Core Processor TK-57

CPU 2: AMD Athlon 64 X2 Dual-Core Processor TK-57

Microsoft® Windows Vista Édition Familiale Basique (6.0.6000 32-Bit) #

Internet Explorer 7.0.6000.16916

 

Pare-feu Windows: Activé

RAM -> 1790 Mo

A:\ -> Disque amovible # 1 Mo (1 Mo libre(s) - 100%) [] # FAT

C:\ (%systemdrive%) -> Disque fixe # 51 Go (19 Go libre(s) - 36%) [ACER] # NTFS

D:\ -> Disque fixe # 51 Go (49 Go libre(s) - 96%) [DATA] # NTFS

E:\ -> CD-ROM

F:\ -> Disque amovible # 490 Mo (485 Mo libre(s) - 99%) [VIDE] # FAT

 

################## | Éléments infectieux |

 

 

Présent! C:\Users\melun\Documents - Raccourci.lnk

 

################## | Registre |

 

Présent! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman

 

################## | Mountpoints2 |

 

HKCU\.\.\.\.\Explorer\MountPoints2\{21ed07b8-7ef3-11dd-9499-001b38ce6d82}

Shell\Auto\Command = AdobeR.exe e

Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

 

 

################## | Vaccin |

 

(!) Cet ordinateur n'est pas vacciné!

 

################## | E.O.F |

 

Et le rapport 2 de suppression

 

############################## | UsbFix 7.045 | [suppression]

 

Utilisateur: melun (Administrateur) # PC-DE-MELUN [Acer Aspire 5520]

Mis à jour le 15/05/2011 par TeamXscript

Lancé à 14:08:35 | 20/05/2011

Site Web: http://www.teamxscript.org

Submit your sample: http://www.teamxscript.org/Upload.php'>http://www.teamxscript.org/Upload.php

Contact: TeamXscript.ElDesaparecido@gmail.com

 

CPU: AMD Athlon 64 X2 Dual-Core Processor TK-57

CPU 2: AMD Athlon 64 X2 Dual-Core Processor TK-57

Microsoft® Windows Vista Édition Familiale Basique (6.0.6000 32-Bit) #

Internet Explorer 7.0.6000.16916

 

Pare-feu Windows: Activé

RAM -> 1790 Mo

A:\ -> Disque amovible # 1 Mo (1 Mo libre(s) - 100%) [] # FAT

C:\ (%systemdrive%) -> Disque fixe # 51 Go (19 Go libre(s) - 36%) [ACER] # NTFS

D:\ -> Disque fixe # 51 Go (49 Go libre(s) - 96%) [DATA] # NTFS

E:\ -> CD-ROM

F:\ -> Disque amovible # 490 Mo (485 Mo libre(s) - 99%) [VIDE] # FAT

 

################## | Éléments infectieux |

 

 

Supprimé! C:\Users\melun\Documents - Raccourci.lnk

Supprimé! C:\$RECYCLE.BIN\S-1-5-18

Supprimé! C:\$RECYCLE.BIN\S-1-5-20

Supprimé! C:\$RECYCLE.BIN\S-1-5-21-1868289357-2913572764-282034712-1000

Supprimé! C:\$RECYCLE.BIN\S-1-5-21-1868289357-2913572764-282034712-1001

Supprimé! C:\$RECYCLE.BIN\S-1-5-21-1868289357-2913572764-282034712-500

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-1868289357-2913572764-282034712-1000

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-1868289357-2913572764-282034712-1001

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-1868289357-2913572764-282034712-500

 

################## | Registre |

 

Supprimé! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman

 

################## | Mountpoints2 |

 

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{21ed07b8-7ef3-11dd-9499-001b38ce6d82}

 

################## | Listing |

 

[24/01/2011 - 21:48:18 | D ] A:\Malwarebytes' Anti-Malware

[20/05/2011 - 14:10:05 | SHD ] C:\$RECYCLE.BIN

[01/02/2008 - 22:50:14 | D ] C:\Acer

[18/09/2006 - 23:43:36 | N | 24] C:\autoexec.bat

[07/02/2009 - 09:09:42 | D ] C:\Boonty

[19/05/2011 - 22:20:41 | SHD ] C:\Boot

[28/11/2007 - 08:42:57 | RASH | 443912] C:\bootmgr

[19/05/2011 - 22:09:21 | SHD ] C:\Config.Msi

[18/09/2006 - 23:43:37 | N | 10] C:\config.sys

[23/08/2008 - 20:08:10 | SH | 54] C:\desktop.ini

[02/11/2006 - 14:59:44 | SHD ] C:\Documents and Settings

[27/01/2008 - 19:41:51 | D ] C:\DRV

[20/05/2011 - 12:46:06 | ASH | 1877921792] C:\hiberfil.sys

[09/02/2008 - 20:58:04 | N | 0] C:\IO.SYS

[09/02/2008 - 20:58:04 | N | 0] C:\MSDOS.SYS

[04/11/2009 - 22:22:24 | D ] C:\My Videos

[19/04/2008 - 09:34:19 | D ] C:\MyWorks

[20/05/2011 - 12:46:05 | ASH | 2191851520] C:\pagefile.sys

[20/05/2011 - 09:01:40 | N | 512] C:\PhysicalDisk0_MBR.bin

[20/05/2011 - 13:03:39 | D ] C:\Program Files

[20/05/2011 - 12:44:02 | HD ] C:\ProgramData

[23/03/2008 - 13:11:34 | N | 268] C:\sqmdata00.sqm

[06/04/2008 - 16:06:28 | N | 268] C:\sqmdata01.sqm

[07/04/2008 - 06:46:04 | N | 292] C:\sqmdata02.sqm

[01/01/2009 - 00:04:55 | N | 268] C:\sqmdata03.sqm

[01/01/2009 - 07:25:20 | N | 268] C:\sqmdata04.sqm

[09/05/2009 - 19:58:55 | N | 268] C:\sqmdata05.sqm

[04/09/2009 - 09:24:17 | N | 268] C:\sqmdata06.sqm

[04/12/2009 - 20:39:15 | N | 268] C:\sqmdata07.sqm

[03/10/2010 - 17:12:25 | N | 268] C:\sqmdata08.sqm

[03/10/2010 - 19:42:49 | N | 268] C:\sqmdata09.sqm

[31/10/2010 - 12:54:42 | N | 268] C:\sqmdata10.sqm

[02/11/2010 - 09:34:57 | N | 268] C:\sqmdata11.sqm

[06/02/2011 - 13:11:02 | N | 268] C:\sqmdata12.sqm

[06/02/2011 - 14:01:51 | N | 268] C:\sqmdata13.sqm

[26/02/2011 - 14:20:11 | N | 268] C:\sqmdata14.sqm

[23/03/2008 - 13:11:34 | N | 244] C:\sqmnoopt00.sqm

[06/04/2008 - 16:06:28 | N | 244] C:\sqmnoopt01.sqm

[07/04/2008 - 06:46:04 | N | 244] C:\sqmnoopt02.sqm

[01/01/2009 - 00:04:55 | N | 244] C:\sqmnoopt03.sqm

[01/01/2009 - 07:25:20 | N | 244] C:\sqmnoopt04.sqm

[09/05/2009 - 19:58:55 | N | 244] C:\sqmnoopt05.sqm

[04/09/2009 - 09:24:17 | N | 244] C:\sqmnoopt06.sqm

[04/12/2009 - 20:39:15 | N | 244] C:\sqmnoopt07.sqm

[03/10/2010 - 17:12:25 | N | 244] C:\sqmnoopt08.sqm

[03/10/2010 - 19:42:49 | N | 244] C:\sqmnoopt09.sqm

[31/10/2010 - 12:54:42 | N | 244] C:\sqmnoopt10.sqm

[02/11/2010 - 09:34:57 | N | 244] C:\sqmnoopt11.sqm

[06/02/2011 - 13:11:02 | N | 244] C:\sqmnoopt12.sqm

[06/02/2011 - 14:01:50 | N | 244] C:\sqmnoopt13.sqm

[26/02/2011 - 14:20:11 | N | 244] C:\sqmnoopt14.sqm

[20/05/2011 - 07:42:17 | SHD ] C:\System Volume Information

[20/05/2011 - 14:10:05 | D ] C:\UsbFix

[20/05/2011 - 14:08:43 | A | 4539] C:\UsbFix.txt

[03/10/2010 - 17:03:48 | D ] C:\Users

[20/05/2011 - 14:07:31 | D ] C:\Windows

[20/05/2011 - 14:10:03 | SHD ] D:\$RECYCLE.BIN

[03/10/2010 - 19:33:05 | D ] D:\b90b11067d971854a210

[12/03/2009 - 18:51:48 | N | 1186] D:\budjet.lnk

[09/05/2009 - 19:52:15 | D ] D:\buffet

[11/09/2008 - 14:33:43 | N | 36667] D:\cousines.JPG

[07/02/2009 - 12:27:04 | D ] D:\cuisine

[06/02/2011 - 14:52:37 | N | 283] D:\DATA (D) - Raccourci.lnk

[27/01/2008 - 20:38:23 | D ] D:\erData

[31/10/2010 - 10:29:28 | D ] D:\famille

[22/03/2009 - 10:16:26 | D ] D:\film

[22/11/2008 - 14:10:57 | N | 452] D:\images.lnk

[21/06/2008 - 16:33:41 | N | 12976] D:\menu mariage sabine.mht

[09/05/2009 - 19:54:58 | D ] D:\Mes fichiers reçus

[23/08/2008 - 20:09:29 | D ] D:\peche

[15/09/2008 - 23:01:31 | D ] D:\PHOTO THOMAS ET GREG

[15/09/2008 - 22:29:42 | N | 18571] D:\robert_claudie_le_30_septembre_1967.jpg

[27/01/2008 - 20:18:34 | SHD ] D:\System Volume Information

[29/11/2008 - 11:16:39 | D ] D:\traveaux maison

[31/10/2010 - 10:06:18 | D ] D:\vacanceNouveau dossier

[24/01/2011 - 21:48:18 | D ] F:\Malwarebytes' Anti-Malware

 

################## | Vaccin |

 

A:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

D:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

F:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

 

################## | Upload |

 

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_PC-DE-MELUN.zip

http://www.teamxscript.org/Upload.php

Merci de votre contribution.

 

################## | E.O.F |

Modifié par sylwya
Apollo Devil Member !

Apollo

Posté(e)
Posté(e)

Poste un nouveau ZHPDiag stp.

 

@++

Apollo Devil Member !

Apollo

Posté(e)
Posté(e)

Re,

 

ZHPFix :

 

  • Ferme toutes les applications ouvertes
     
  • Double-clique sur ZHPFix, raccourci installé par ZHPDiag sur le Bureau
    Important:
    Sous Vista et Windows 7 : il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur.
     
  • Copie les lignes ci-dessous dans la fenêtre

 

[HKCU\Software\eMule]    
[HKLM\Software\eMule]    
O43 - CFD: 31/05/2008 - 08:51:48 - [0] ----D- C:\Program Files\LphantBar    
O43 - CFD: 06/09/2008 - 15:51:38 - [0] ----D- C:\ProgramData\eMule   
O43 - CFD: 06/09/2008 - 16:16:02 - [128590] ----D- C:\Users\melun\AppData\Roaming\eMule    
O43 - CFD: 01/07/2008 - 13:52:28 - [1239473] ----D- C:\Users\melun\AppData\Roaming\LimeWire    
O43 - CFD: 06/09/2008 - 16:12:42 - [2336] ----D- C:\Users\melun\Appdata\Local\eMule    
O43 - CFD: 27/05/2008 - 21:22:54 - [18639] ----D- C:\Users\melun\Appdata\Local\Lphant 
O2 - BHO: EoBho - {64F56FC1-1272-44CD-BA6E-39723696E350} Clé orpheline    
[HKCU\Software\AppDataLow\Software\SmartShopper]      
[HKCU\Software\ImInstaller]      
[HKLM\Software\ImInstaller]      
O64 - Services: CurCS - C:\Users\melun\AppData\Local\Temp\jatmlano.sys (.not file.) - jatmlano (jatmlano)  .(...) - LEGACY_JATMLANO    
[HKLM\Software\Classes\weatherdpa.weathercontroller]      
[HKLM\Software\Classes\weatherdpa.weathercontroller.1]    
emptytemp
emptyflash

 

  • Clique sur l'icone représentant la lettre H (« coller les lignes Helper »). Le script doit automatiquement apparaitre dans ZHPFix, sinon, colle-le.
     
    Clique sur le bouton GO pour lancer le nettoyage

 

  • Valide par Oui la désinstallation des programmes si demandé
     
  • Laisse l'outil travailler. Si un redémarrage est demandé, accepte et redémarre le PC
     
  • Le rapport ZHPFixReport.txt s'affiche. Copie-colle le contenu de ce rapport dans ta réponse.
    Le rapport ZHPFixReport.txt est enregistré sous C:\Program files\ZHPDiag\ZHPFixReport.tx

  • Upvote 1

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...