[résolu par shion-ares - 16/09/10] PC lent au démarrage + EoRezo

[shion-ares]

Bonjour,

mon ordinateur présente des lenteurs au démarrage.
Il ne me sert que pour faire du montage vidéo. Je sais qu'il n'est plus très jeune (2003), mais il est suffisant pour cette utilisation.
J'ai désinstallé les programmes que je n'utilisais pas, j'ai cherché du côté matériel (avec un scandisk avec cd xp en mode console), remplacé les barettes mémoires pour le pousser à 1Go (j'étais à 512 auparavant), mais ça ne l'a pas accéléré pour autant.

Suite à la formation entreprise chez vous, je me suis intéressé au MsConfig, et j'ai remarqué une ligne présentant un EoRezo.
J'ai utilisé l'outil AD-R pour en avoir le coeur net, et effectivement on le voit dans le rapport.
Que faire maintenant ? Dois je faire Nettoyer ou utiliser un autre outil pour éradiquer la "bête" ?
J'attends vos recommandations, quitte à passer par une autre étape auparavant.
Merci de votre aide
Cordialement

Le Rapport

======= RAPPORT D'AD-REMOVER 2.0.0.1,E | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 06/09/10 à 15:20
Contact: AdRemover.contact[AT]gmail.com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 13:51:40 le 07/09/2010, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86)
Sandrine@NOEL2003 ( )

============== RECHERCHE ==============


0,Dossier trouvé: C:\Documents and Settings\Sandrine\Application Data\EoRezo
0,Dossier trouvé: C:\Program Files\Viewpoint

1,Clé trouvée: HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
1,Clé trouvée: HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
1,Clé trouvée: HKLM\Software\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
1,Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
1,Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
1,Clé trouvée: HKLM\Software\Classes\Interface\{819DB72D-1C28-4387-9778-E2FF3DC86F74}
1,Clé trouvée: HKLM\Software\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0}
1,Clé trouvée: HKLM\Software\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
1,Clé trouvée: HKLM\Software\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
0,Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
0,Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
0,Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
0,Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
0,Clé trouvée: HKLM\Software\Classes\EoRezoBHO.EoBHO
0,Clé trouvée: HKLM\Software\Classes\EoRezoBHO.EoBHO.1
0,Clé trouvée: HKLM\Software\Classes\AppID\EoRezoBHO.DLL
1,Clé trouvée: HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
0,Clé trouvée: HKLM\Software\EoRezo
0,Clé trouvée: HKLM\Software\MetaStream
0,Clé trouvée: HKLM\Software\Viewpoint
0,Clé trouvée: HKCU\Software\EoRezo
0,Clé trouvée: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Eoengine
0,Clé trouvée: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Eowiki
0,Clé trouvée: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Softwarehelper
0,Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
0,Clé trouvée: HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
0,Clé trouvée: HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

0,Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eoengine
0,Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eorezo
0,Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Softwarehelper


============== SCAN ADDITIONNEL ==============

** Internet Explorer Version [7.0.5730.11] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: no
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 1
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.cooxer.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: hxxp://y.lo.st
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 07/09/2010 (2892 Octet(s))

Fin à: 13:57:12, 07/09/2010

============== E.O.F ==============

[shion-ares]

bonjour

fait applique ceci stp

Sous VISTA ou Windows 7

==> Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection)

Tutoriel pour Vista

Tutoriel pour Windows 7

• Télécharge AD-Remover (de C_XX) sur ton Bureau.
• Clique sur TÉLÉCHARGER et enregistre-le sur ton bureau.
• Déconnecte toi et ferme toutes les applications en cours
• Double-clique sur l'icône AD-Remover, le programme s'installera automatiquement.
• Sous Vista et Windows 7 : clic droit sur AD-Remover et sélectionner "Exécuter en tant qu'administrateur"
• Au menu principal, clique sur "Nettoyer".
• Confirme le lancement de l'analyse et laisse l'outil travailler.
• Une fois le nettoyage terminé, AD-Remover te demandera de redémarrer l'ordinateur pour finaliser le nettoyage.. Clique sur Oui.
• Ensuite poste le rapport qui est sauvegardé à cet endroit C:\Ad-Report-CLEAN[1].txt

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Tutoriel pour t'aider

Ensuite

• Télécharge Random's System Information Tool (RSIT) de Random/Random, et enregistre le sur ton Bureau.
• Sous Windows 7 : Suivre ce tutoriel pour rendre RSIT compatible avec Windows 7.
• Ensuite double clique sur RSIT.exe pour lancer l'outil.
• Clique sur "Continue" à l'écran Disclaimer.
• Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande) et tu devras accepter la licence.
• Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp

Tutoriel illustré pour t'aider

Comment héberger les rapports trop longs de RSIT

[did85]

Bonjour shion-ares,
merci de m'apporter ton aide.

Voici le rapport de AD-R Scan :

======= RAPPORT D'AD-REMOVER 2.0.0.1,E | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 06/09/10 à 15:20
Contact: AdRemover.contact[AT]gmail.com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 14:43:32 le 07/09/2010, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86)
Sandrine@NOEL2003 ( )

============== ACTION(S) ==============


0,Dossier supprimé: C:\Documents and Settings\Sandrine\Application Data\EoRezo
0,Dossier supprimé: C:\Program Files\Viewpoint

(!) -- Fichiers temporaires supprimés.


1,Clé supprimée: HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
1,Clé supprimée: HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
1,Clé supprimée: HKLM\Software\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
1,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
1,Clé supprimée: HKLM\Software\Classes\Interface\{819DB72D-1C28-4387-9778-E2FF3DC86F74}
1,Clé supprimée: HKLM\Software\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0}
1,Clé supprimée: HKLM\Software\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
1,Clé supprimée: HKLM\Software\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
0,Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
0,Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
0,Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
0,Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
0,Clé supprimée: HKLM\Software\Classes\EoRezoBHO.EoBHO
0,Clé supprimée: HKLM\Software\Classes\EoRezoBHO.EoBHO.1
0,Clé supprimée: HKLM\Software\Classes\AppID\EoRezoBHO.DLL
1,Clé supprimée: HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
0,Clé supprimée: HKLM\Software\EoRezo
0,Clé supprimée: HKLM\Software\MetaStream
0,Clé supprimée: HKLM\Software\Viewpoint
0,Clé supprimée: HKCU\Software\EoRezo
0,Clé supprimée: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Eoengine
0,Clé supprimée: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Eowiki
0,Clé supprimée: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Softwarehelper
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
0,Clé supprimée: HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
0,Clé supprimée: HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

0,Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eoengine
0,Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eorezo
0,Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Softwarehelper


============== SCAN ADDITIONNEL ==============

** Internet Explorer Version [7.0.5730.11] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: no
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 1
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 132 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 07/09/2010 (4197 Octet(s))
C:\Ad-Report-SCAN[1].txt - 07/09/2010 (4081 Octet(s))

Fin à: 14:50:27, 07/09/2010

============== E.O.F ==============

[shion-ares]

Re,

ok parfait j'attends le rapport RSIT maintenant

[did85]

Ensuite, le fichier log de RSIT :
http://forum-aide-contre-virus.be/Uploader/dld.php?i=42072814-f7c2-43c9-8556-9afa6b2f3916

Et le fichier info :
http://forum-aide-contre-virus.be/Uploader/dld.php?i=072d8d20-6191-4d18-8873-6ba51ff27932

Encore merci de ton aide
Cordialement
Did85

[shion-ares]

Re,

bon télécharge hijackthis installe le mais ne le lance pas

http://www.01net.com/telecharger/window ... 29061.html

ensuite refait un rapport avec rsit tu n'aura qu'un seul rapport poste le moi stp

[did85]

shion-ares,
j'avais bien compris que RSIT fonctionnait avec Hijackthis.
Je l'ai donc installé avant d'utiliser RSIT.
Dois-je les réinstaller de nouveau ?
Si oui, alors de désinstaller avant tout est utiliser ton lien pour le télécharger de nouveau ?
Je peux te faire un rapport Hijackthis pour te montrer qu'il est présent et installé sur le pc.

J'attends ta réponse avant de poursuivre.
Merci

[did85]

c'est moi de nouveau,
j'ai relancé RSIT en laissant la version de Hijackthis que j'avais d'installer et effectivement je n'ai eu qu'un rapport log.txt que je te poste.
J'espère que c'est le bon rapport que tu attendais, si ce n'était pas le cas, je recommencerai avec tes instructions.
Cordialement


Logfile of random's system information tool 1.08 (written by random/random)
Run by Sandrine at 2010-09-07 15:18:02
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 43 GB (62%) free of 70 GB
Total RAM: 1023 MB (59% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-05 57344]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"ATIPTA"=C:\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-09-12 335872]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2003-10-13 151597]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]
"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Configuration de la C-BOX"=C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe [2004-12-21 395264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanEasyImg]
c:\apps\easydvd\cleanall.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [2006-09-28 700416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\System32\PSDrvCheck.exe [2003-12-04 406016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2003-10-13 151597]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer]
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe [2003-08-13 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~4.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk]
C:\PROGRA~1\SAGEM-~1.11G\WLANUTL.exe [2004-09-15 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\System32\NavLogon.dll [2002-01-18 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=57344
"NoDriveAutoRun"=57344
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Disabled:eMule"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealOne Player"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Documents and Settings\Sandrine\Local Settings\Temp\7zS5.tmp\SymNRT.exe"="C:\Documents and Settings\Sandrine\Local Settings\Temp\7zS5.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Documents and Settings\Sandrine\Local Settings\Temp\7zS7.tmp\SymNRT.exe"="C:\Documents and Settings\Sandrine\Local Settings\Temp\7zS7.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Documents and Settings\Sandrine\Local Settings\Temp\7zS36.tmp\SymNRT.exe"="C:\Documents and Settings\Sandrine\Local Settings\Temp\7zS36.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-09-07 14:55:41 ----D---- C:\rsit
2010-09-07 14:55:18 ----D---- C:\Program Files\Trend Micro
2010-09-07 13:51:48 ----A---- C:\Ad-Report-SCAN[1].txt
2010-09-07 13:51:36 ----D---- C:\Program Files\Ad-Remover
2010-09-07 13:38:08 ----D---- C:\Program Files\VS Revo Group
2010-08-27 09:33:14 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-27 09:33:14 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-27 09:33:13 ----A---- C:\WINDOWS\system32\java.exe
2010-08-12 17:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-12 17:16:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-12 17:14:57 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-12 17:13:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-12 17:13:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-12 17:12:25 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-11 22:04:13 ----D---- C:\3a7935038ed85e52016d29
2010-08-11 22:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-11 22:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$

======List of files/folders modified in the last 1 months======

2010-09-07 15:18:01 ----D---- C:\WINDOWS\Prefetch
2010-09-07 15:14:39 ----D---- C:\WINDOWS\Temp
2010-09-07 14:58:13 ----SD---- C:\WINDOWS\Tasks
2010-09-07 14:55:24 ----SHD---- C:\WINDOWS\Installer
2010-09-07 14:55:21 ----SD---- C:\Documents and Settings\Sandrine\Application Data\Microsoft
2010-09-07 14:55:18 ----RD---- C:\Program Files
2010-09-07 14:54:48 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-07 14:51:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-07 13:40:41 ----D---- C:\WINDOWS
2010-09-07 13:40:38 ----D---- C:\Program Files\Adobe
2010-09-07 13:25:46 ----SHD---- C:\System Volume Information
2010-09-07 13:25:46 ----D---- C:\WINDOWS\system32\Restore
2010-09-07 10:16:25 ----D---- C:\Program Files\Google
2010-09-07 10:16:25 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-09-07 09:35:56 ----D---- C:\Program Files\Fichiers communs
2010-09-07 09:32:13 ----D---- C:\Program Files\Microsoft Office
2010-09-07 09:31:47 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-07 09:25:25 ----D---- C:\WINDOWS\system32\drivers
2010-09-07 09:25:25 ----D---- C:\Program Files\Norton Security Scan
2010-09-07 09:25:25 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-09-07 09:22:48 ----D---- C:\WINDOWS\system32
2010-09-07 09:22:34 ----D---- C:\WINDOWS\system32\CBA
2010-08-27 09:36:18 ----D---- C:\Program Files\Fichiers communs\Java
2010-08-27 09:33:07 ----D---- C:\Program Files\Java
2010-08-24 19:42:57 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-08-22 10:05:27 ----HD---- C:\WINDOWS\inf
2010-08-13 21:19:19 ----D---- C:\WINDOWS\Debug
2010-08-12 17:48:22 ----D---- C:\Program Files\Internet Explorer
2010-08-12 17:18:46 ----D---- C:\WINDOWS\system32\fr-fr
2010-08-12 17:17:48 ----D---- C:\WINDOWS\ie7updates
2010-08-12 17:17:15 ----A---- C:\WINDOWS\imsins.BAK
2010-08-12 17:16:59 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-11 22:03:56 ----D---- C:\Program Files\Movie Maker

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtre de bus AGP Intel; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
R0 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
R0 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
R0 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
R0 ohci1394;Contrôleurs hôte IEEE 1394 compatible OHCI; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [2003-07-30 17168]
R0 sisagp;SiS AGP Filter; C:\WINDOWS\System32\DRIVERS\SISAGPX.sys [2003-08-07 36608]
R0 SiSide;SiSide; C:\WINDOWS\System32\DRIVERS\siside.sys [2003-03-25 4096]
R0 sisidex;sisidex; C:\WINDOWS\system32\drivers\sisidex.sys [2002-10-17 49024]
R0 sisperf;Add Performance Filter Driver; C:\WINDOWS\system32\drivers\sisperf.sys [2002-08-20 9472]
R0 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 vcsmpdrv;vcsmpdrv; C:\WINDOWS\System32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2010-04-28 54760]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2004-09-02 15781]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-07 404608]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-05 460864]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\Asapiw2k.sys [2003-12-04 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-09-12 611328]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2003-01-21 210024]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;PADUS ASPI SHELL; C:\WINDOWS\system32\drivers\pfc.sys [2002-06-13 14604]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2003-01-17 507008]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2003-01-17 39348]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-08-04 33588]
S1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]
S3 61883;Pilote d'unité 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;Périphérique AVC; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2003-01-21 1290312]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NetMate;CATC USB/Ethernet Link device driver; C:\WINDOWS\System32\DRIVERS\netmate2.sys [2000-04-25 35694]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2003-01-17 162136]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 RecAgent;recagent; \??\C:\WINDOWS\System32\DRIVERS\RecAgent.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2003-01-21 84784]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver; C:\WINDOWS\System32\DRIVERS\WlanUIG.sys [2004-09-02 379456]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe [2002-01-29 77824]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe [2002-07-17 94208]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version); C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-04 65536]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2003-09-12 114688]
S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2003-01-17 45056]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------

[shion-ares]

Re,

laisse tomber

HijackThis download failed

on va passer sur un autre

Utilises ce logiciel de diagnostic :

• Télécharges ZHPDiag
• Laisses toi guider lors de l'installation, il se lancera automatiquement à la fin.
• Cliques sur l'icône représentant une loupe (« Lancer le diagnostic »)
• Enregistres le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
• Héberges le rapport ZHPDiag.txt sur ce site, puis copies/colles le lien fourni dans ta prochaine réponse sur le forum.

[did85]

Navré pour ce contre-temps,
je pensais bien que RSIT verrait Hijackthis d'installé : dommage.
Il est vrai que le PC n'est pas connecté à internet, je travaille sur un autre pour t'envoyer les rapports.

J'ai fais ce que tu as demandé avec ZHP, voici le rapport
Merci

http://www.cijoint.fr/cjlink.php?file=cj201009/cijhxpFuIg.txt

[shion-ares]

parfait le temps que j'analyse fait ceci STP

• Télécharge Malwarebytes
  
• Tu auras un tutoriel à ta disposition pour l'installer et l'utiliser correctement.
  
• Fais la mise à jour du logiciel (elle se fait normalement à l'installation)
  
• Lance une analyse complète en cliquant sur "Exécuter un examen complet"
  
• Sélectionne les disques que tu veux analyser et clique sur "Lancer l'examen"
  
• L'analyse peut durer un bon moment.....
  
• Une fois l'analyse terminée, clique sur "OK" puis sur "Afficher les résultats"
  
• Vérifie que tout est bien coché et clique sur "Supprimer la sélection" => et ensuite sur "OK"
  
• Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum

* Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC... Fais le en cliquant sur "oui" à la question posée

[did85]

Bonsoir,
je ne t'ai pas oublié, j'ai lancé Malwarebyte depuis 2h et ce n'est pas terminé.
Je reviens quand c'est fini et le rapport édité.
Merci et à plus tard

[did85]

voila, en espérant que cela puisse t'aider le rapport de Malwarebyte's
Merci

Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2421
Windows 5.1.2600 Service Pack 3

15/07/2009 13:59:33
mbam-log-2009-07-15 (13-59-33).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 123565
Temps écoulé: 1 hour(s), 0 minute(s), 19 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 36
Fichier(s) infecté(s): 64

Processus mémoire infecté(s):
C:\Documents and Settings\Sandrine\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Adware.EoRezo) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{2d51d869-c36b-42bd-ae68-0a81bc771fa5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2d51d869-c36b-42bd-ae68-0a81bc771fa5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7bed0340-176b-44bc-915e-c21c1dd6f617} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca356d79-679b-4b4c-8e49-5af97014f4c1} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ca356d79-679b-4b4c-8e49-5af97014f4c1} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca356d79-679b-4b4c-8e49-5af97014f4c1} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{018b7ec3-eeca-11d3-8e71-0000e82c6c0d} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\starware370 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\starware370 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\softwarehelper (Adware.EoRezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
c:\program files\Starware370 (Adware.Starware) -> Quarantined and deleted successfully.
c:\program files\starware370\bin (Adware.Starware) -> Quarantined and deleted successfully.
c:\program files\starware370\icons (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\Starware370 (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\buttons (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\contexts (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\Starware370 (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Games (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Lyrics_FR (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Manager (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Marketing4 (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\marketing4\images (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\marketing4\images\active (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\marketing4\images\default (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Movies (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Music_Search_FR (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Radio_FR (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\screensaversmarketingsitepager\images (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\screensaversmarketingsitepager\images\active (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\screensaversmarketingsitepager\images\default (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Sandrine\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Program Files\Starware370\bin\Starware370.dll (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\EoRezo\softwareupdate\SoftwareUpdate.exe (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\program files\starware370\brand.bmp (Adware.Starware) -> Quarantined and deleted successfully.
c:\program files\starware370\Starware370Config.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\program files\starware370\Starware370Uninstall.exe (Adware.Starware) -> Quarantined and deleted successfully.
c:\program files\starware370\icons\star_16.ico (Adware.Starware) -> Quarantined and deleted successfully.
c:\program files\starware370\icons\Thumbs.db (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\buttons\findit_music.bmp (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\buttons\lyrics.bmp (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\buttons\music_search.bmp (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\buttons\radio.bmp (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\buttons\starware_toolbar_icon.bmp (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\buttons\Thumbs.db (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\contexts\travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\simpleupdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\simpleupdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\simpleupdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\simpleupdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\starware370\simpleupdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\browsersearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\browsersearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\errorsearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\errorsearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Layouts\PreferencesLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Layouts\PreferencesLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\lyrics_fr\Lyrics_FROptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\lyrics_fr\Lyrics_FROptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\marketing4\Marketing4Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\marketing4\Marketing4Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\marketing4\images\active\Marketing40.bmp (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\music_search_fr\Music_Search_FROptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\music_search_fr\Music_Search_FROptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Radio_FR\Radio_FROptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Radio_FR\Radio_FROptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\relatedsearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\relatedsearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\screensaversmarketingsitepager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\screensaversmarketingsitepager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\screensaversmarketingsitepager\images\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\toolbarlogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\toolbarlogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\toolbarsearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\Sandrine\application data\starware370\toolbarsearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

[shion-ares]

bonjour

OK tres bien mais je note que MBAM tu a la version 1.39 alors que nous sommes a la version 1.46

re-ouvre MBAM clic sur mise a jours ensuite refait moi un nouveau MBAM STP

[did85]

Bonjour Shion-Ares
Je ne sais pas ce que j'ai traficoté hier avec le rapport,voici le nouveau
Merci


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4562

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

08/09/2010 13:14:38
mbam-log-2010-09-08 (13-14-38).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 222829
Temps écoulé: 1 heure(s), 32 minute(s), 53 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{018b7ec3-eeca-11d3-8e71-0000e82c6c0d} (Adware.ISTBar) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Masta (Dialer.Premium) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\UnInstall.log (Extension.Mismatch) -> Quarantined and deleted successfully.