Invasion pages pub 2ème édition plus adware.gen
Dernière réponse : dans Sécurité
bonjour, me voici une nouvelle fois sur le forum pour le même problème que la dernière fois mais cette fois ci pour l'ordi de mes parents.
j'ai téléchargé otl et vais poster le rapport
si vous avez d'autres propositions j'attends vos conseils
j'ai téléchargé otl et vais poster le rapport
si vous avez d'autres propositions j'attends vos conseils
Autres pages sur : invasion pages pub edition adware gen
Lassé par la pub ? Créez un compte
Bonsoir,
hé bien faudra aussi leur faire la leçon, réfléchir avant de cliquer !!!![:ange:]( ":ange:")
1) A désinstaller des programmes (si présent) :
- Conduit Engine
- eoEngine 11.2
- EoRezo 15.5
- EoWeather 6.0
- IncrediMail MediaBar 2 Toolbar (c'est elle qui a installé les adwares au dessus)
2) Relance OTL.exe
Ferme toutes tes fenêtres, puis double clique sur OTL.exe pour le lancer.
(Utilisateur de Vista/Windows 7 faites un clic droit -> "Exécuter en tant qu'administrateur")
Copie/colle ce qui suit dans le cadre Personnalisation en bas à gauche.
Puis clique sur le bouton Correction en haut à gauche
Si le pc demande à redémarrer accepte.
Poste le rapport de suppression.
Note : le rapport est enregistré sous format ".log", il convient de changer cette extension en ".txt" si tu veux le déposer sur des sites en ligne.
Relance Ad-R :
/!\ Désactive tes protections résidentes : antivirus, antispyware ... Déconnecte-toi et ferme toutes les applications en cours (notamment ton navigateur)/!\
Lance-le via le raccourci Ad-R situé sur ton Bureau.
(Utilisateur de Vista/Windows 7, clique-droit sur le raccourci de Ad-R -> Exécuter en tant qu'administrateur)
Valide l'avertissement, puis, dans la fenêtre principal, choisis l'option Nettoyer, et valide avec "Oui"
A la fin, appuie sur une touche, un rapport apparaitra (sinon, il est situé ici C:\Ad-report-CLEAN[X].txt). Poste-le dans ta prochaine réponse
/!\ N'oublie pas de réactiver tes protections résidentes /!\
Ps : Process est détecté par certains antivirus (Antivir, DrWeb, Kaspersky) comme étant un programme malveillant, ce n'est pas le cas. Si tu as une alerte concernant ce fichier, n'empêche pas process de s'exécuter.
http://www.beyondlogic.org/consulting/processutil/proce...
hé bien faudra aussi leur faire la leçon, réfléchir avant de cliquer !!!
1) A désinstaller des programmes (si présent) :
- Conduit Engine
- eoEngine 11.2
- EoRezo 15.5
- EoWeather 6.0
- IncrediMail MediaBar 2 Toolbar (c'est elle qui a installé les adwares au dessus)
2) Relance OTL.exe
(Utilisateur de Vista/Windows 7 faites un clic droit -> "Exécuter en tant qu'administrateur")
:OTL
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com?a=19emiPqulx0
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (EOBHO Class) - {C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} - C:\Program Files (x86)\EoRezo\EoRezoBHO.dll (EoRezo)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O4 - HKLM..\Run: [EoEngine] C:\Program Files (x86)\EoRezo\EoEngine.exe ()
O4 - HKLM..\Run: [eorezo] C:\Program Files (x86)\EoRezo\eorezo.exe (EoRezo)
O4 - HKLM..\Run: [EoWeather] File not found
O4 - HKLM..\RunOnce: [SoftwareHelper] C:\Users\mocquillon\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (EoRezo)
[2011/08/12 15:16:53 | 000,000,000 | ---D | M] -- C:\Users\mocquillon\AppData\Roaming\EoRezo
:Files
C:\Program Files (x86)\EoRezo
C:\Program Files (x86)\ConduitEngine
:Commands
[emptytemp]
[emptyflash]
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com?a=19emiPqulx0
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (EOBHO Class) - {C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} - C:\Program Files (x86)\EoRezo\EoRezoBHO.dll (EoRezo)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O4 - HKLM..\Run: [EoEngine] C:\Program Files (x86)\EoRezo\EoEngine.exe ()
O4 - HKLM..\Run: [eorezo] C:\Program Files (x86)\EoRezo\eorezo.exe (EoRezo)
O4 - HKLM..\Run: [EoWeather] File not found
O4 - HKLM..\RunOnce: [SoftwareHelper] C:\Users\mocquillon\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (EoRezo)
[2011/08/12 15:16:53 | 000,000,000 | ---D | M] -- C:\Users\mocquillon\AppData\Roaming\EoRezo
:Files
C:\Program Files (x86)\EoRezo
C:\Program Files (x86)\ConduitEngine
:Commands
[emptytemp]
[emptyflash]
Note : le rapport est enregistré sous format ".log", il convient de changer cette extension en ".txt" si tu veux le déposer sur des sites en ligne.
Relance Ad-R :
/!\ Désactive tes protections résidentes : antivirus, antispyware ... Déconnecte-toi et ferme toutes les applications en cours (notamment ton navigateur)/!\
(Utilisateur de Vista/Windows 7, clique-droit sur le raccourci de Ad-R -> Exécuter en tant qu'administrateur)
/!\ N'oublie pas de réactiver tes protections résidentes /!\
Ps : Process est détecté par certains antivirus (Antivir, DrWeb, Kaspersky) comme étant un programme malveillant, ce n'est pas le cas. Si tu as une alerte concernant ce fichier, n'empêche pas process de s'exécuter.
http://www.beyondlogic.org/consulting/processutil/proce...
merci de ton aide
voici le rapport otl
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
File C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}\ not found.
C:\Program Files (x86)\EoRezo\EoRezoBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
File C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
File C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}\ not found.
File C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EoEngine deleted successfully.
File C:\Program Files (x86)\EoRezo\EoEngine.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eorezo deleted successfully.
File C:\Program Files (x86)\EoRezo\eorezo.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EoWeather deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SoftwareHelper deleted successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\SoftwareUpdate\Software folder moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\SoftwareUpdate\Download\itsTV\4.0.0.2202202 folder moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\SoftwareUpdate\Download\itsTV\4.0.0.1981982 folder moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\SoftwareUpdate\Download\itsTV folder moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\SoftwareUpdate\Download folder moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\SoftwareUpdate folder moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\EoWeather\images_station_meteo folder moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\EoWeather\images_classic folder moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\EoWeather\images folder moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\EoWeather folder moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo folder moved successfully.
========== FILES ==========
C:\Program Files (x86)\EoRezo folder moved successfully.
C:\Program Files (x86)\ConduitEngine folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: mocquillon
->Temp folder emptied: 60387732 bytes
->Temporary Internet Files folder emptied: 119663487 bytes
->Google Chrome cache emptied: 36278796 bytes
->Flash cache emptied: 59375 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10108130 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67977 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 216,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: mocquillon
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.26.5 log created on 08172011_152528
Files\Folders moved on Reboot...
C:\Users\mocquillon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\mocquillon\AppData\Local\Temp\~DF593D4C316F0D8B74.TMP not found!
File\Folder C:\Users\mocquillon\AppData\Local\Temp\~DF8020C2AB20208EC9.TMP not found!
File\Folder C:\Users\mocquillon\AppData\Local\Temp\~DFB26FE3CF8615674F.TMP not found!
File\Folder C:\Users\mocquillon\AppData\Local\Temp\~DFCA5861762E83C340.TMP not found!
File\Folder C:\Users\mocquillon\AppData\Local\Temp\~DFD1E1D8CFDBABCF7D.TMP not found!
File\Folder C:\Users\mocquillon\AppData\Local\Temp\~DFD6085E27886EAA4F.TMP not found!
C:\Users\mocquillon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WYFRPKK2\aff_frame[2].htm moved successfully.
C:\Users\mocquillon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WYFRPKK2\like[3].htm moved successfully.
C:\Users\mocquillon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7O6F1SE6\aff_frame[2].htm moved successfully.
C:\Users\mocquillon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3Z9TEXCY\forum2[2].htm moved successfully.
C:\Users\mocquillon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3Z9TEXCY\OTL[1].exe moved successfully.
C:\Users\mocquillon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3Z9TEXCY\search_incredimail_com[3].htm moved successfully.
C:\Users\mocquillon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3Z9TEXCY\search_incredimail_com[4].htm moved successfully.
C:\Users\mocquillon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\mocquillon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
Registry entries deleted on Reboot...
voici le rapport otl
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
File C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}\ not found.
C:\Program Files (x86)\EoRezo\EoRezoBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
File C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
File C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}\ not found.
File C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EoEngine deleted successfully.
File C:\Program Files (x86)\EoRezo\EoEngine.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eorezo deleted successfully.
File C:\Program Files (x86)\EoRezo\eorezo.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EoWeather deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SoftwareHelper deleted successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\SoftwareUpdate\Software folder moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\SoftwareUpdate\Download\itsTV\4.0.0.2202202 folder moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\SoftwareUpdate\Download\itsTV\4.0.0.1981982 folder moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\SoftwareUpdate\Download\itsTV folder moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\SoftwareUpdate\Download folder moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\SoftwareUpdate folder moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\EoWeather\images_station_meteo folder moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\EoWeather\images_classic folder moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\EoWeather\images folder moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo\EoWeather folder moved successfully.
C:\Users\mocquillon\AppData\Roaming\EoRezo folder moved successfully.
========== FILES ==========
C:\Program Files (x86)\EoRezo folder moved successfully.
C:\Program Files (x86)\ConduitEngine folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: mocquillon
->Temp folder emptied: 60387732 bytes
->Temporary Internet Files folder emptied: 119663487 bytes
->Google Chrome cache emptied: 36278796 bytes
->Flash cache emptied: 59375 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10108130 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67977 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 216,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: mocquillon
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.26.5 log created on 08172011_152528
Files\Folders moved on Reboot...
C:\Users\mocquillon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\mocquillon\AppData\Local\Temp\~DF593D4C316F0D8B74.TMP not found!
File\Folder C:\Users\mocquillon\AppData\Local\Temp\~DF8020C2AB20208EC9.TMP not found!
File\Folder C:\Users\mocquillon\AppData\Local\Temp\~DFB26FE3CF8615674F.TMP not found!
File\Folder C:\Users\mocquillon\AppData\Local\Temp\~DFCA5861762E83C340.TMP not found!
File\Folder C:\Users\mocquillon\AppData\Local\Temp\~DFD1E1D8CFDBABCF7D.TMP not found!
File\Folder C:\Users\mocquillon\AppData\Local\Temp\~DFD6085E27886EAA4F.TMP not found!
C:\Users\mocquillon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WYFRPKK2\aff_frame[2].htm moved successfully.
C:\Users\mocquillon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WYFRPKK2\like[3].htm moved successfully.
C:\Users\mocquillon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7O6F1SE6\aff_frame[2].htm moved successfully.
C:\Users\mocquillon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3Z9TEXCY\forum2[2].htm moved successfully.
C:\Users\mocquillon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3Z9TEXCY\OTL[1].exe moved successfully.
C:\Users\mocquillon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3Z9TEXCY\search_incredimail_com[3].htm moved successfully.
C:\Users\mocquillon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3Z9TEXCY\search_incredimail_com[4].htm moved successfully.
C:\Users\mocquillon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\mocquillon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
Registry entries deleted on Reboot...
et le rapport ad -remover
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [2]) -> Lancé à 15:51:53 le 17/08/2011, Mode normal
Microsoft Windows 7 Édition Familiale Premium (X64)
mocquillon@MOCQUILLON-TOSH (TOSHIBA Satellite C660D)
============== ACTION(S) ==============
(!) -- Fichiers temporaires supprimés.
============== SCAN ADDITIONNEL ==============
**** Internet Explorer Version [8.0.7600.16385] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{0365704D-3ED9-44FF-BD51-7AFC5DA767EB} - "eBay" (hxxp://rover.ebay.com/rover/1/709-44555-9400-8/4?satitle={searchTerms})
HKCU_SearchScopes\{29C03171-B069-4E99-8183-F4FB3DF4022A} - "?" (?)
HKCU_SearchScopes\{E012E748-11FC-4846-B162-744D045A0ABA} - "?" (?)
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{B2321D2F-1154-4d97-AD3E-2FE0BAE2897B} - C:\Program Files (x86)\SFR\Kit\9launch.exe (SFR)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
HKLM_ElevationPolicy\{EE0DF950-5C7F-4261-8CFA-AE01D71FD9BD} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\SetupUtility.exe (<TOSHIBA>)
HKLM_ElevationPolicy\{F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\MTSProc.exe (<TOSHIBA>)
BHO\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - "Objet d'aide à la navigation SFR" (C:\Program Files (x86)\SFR\Kit\SFRNavErrorHelper.dll)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{F3C88694-EFFA-4d78-B409-54B7B2535B14} - "TOSHIBA Media Controller Plug-in" (C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll)
========================================
C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 17 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 17/08/2011 15:44:38 (3969 Octet(s))
C:\Ad-Report-CLEAN[2].txt - 17/08/2011 15:52:05 (3211 Octet(s))
C:\Ad-Report-SCAN[1].txt - 12/08/2011 15:47:06 (8916 Octet(s))
C:\Ad-Report-SCAN[2].txt - 17/08/2011 15:40:31 (3606 Octet(s))
C:\Ad-Report-SCAN[3].txt - 17/08/2011 15:42:05 (3671 Octet(s))
Fin à: 15:53:10, 17/08/2011
============== E.O.F ==============
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [2]) -> Lancé à 15:51:53 le 17/08/2011, Mode normal
Microsoft Windows 7 Édition Familiale Premium (X64)
mocquillon@MOCQUILLON-TOSH (TOSHIBA Satellite C660D)
============== ACTION(S) ==============
(!) -- Fichiers temporaires supprimés.
============== SCAN ADDITIONNEL ==============
**** Internet Explorer Version [8.0.7600.16385] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{0365704D-3ED9-44FF-BD51-7AFC5DA767EB} - "eBay" (hxxp://rover.ebay.com/rover/1/709-44555-9400-8/4?satitle={searchTerms})
HKCU_SearchScopes\{29C03171-B069-4E99-8183-F4FB3DF4022A} - "?" (?)
HKCU_SearchScopes\{E012E748-11FC-4846-B162-744D045A0ABA} - "?" (?)
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{B2321D2F-1154-4d97-AD3E-2FE0BAE2897B} - C:\Program Files (x86)\SFR\Kit\9launch.exe (SFR)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
HKLM_ElevationPolicy\{EE0DF950-5C7F-4261-8CFA-AE01D71FD9BD} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\SetupUtility.exe (<TOSHIBA>)
HKLM_ElevationPolicy\{F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\MTSProc.exe (<TOSHIBA>)
BHO\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - "Objet d'aide à la navigation SFR" (C:\Program Files (x86)\SFR\Kit\SFRNavErrorHelper.dll)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{F3C88694-EFFA-4d78-B409-54B7B2535B14} - "TOSHIBA Media Controller Plug-in" (C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll)
========================================
C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 17 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 17/08/2011 15:44:38 (3969 Octet(s))
C:\Ad-Report-CLEAN[2].txt - 17/08/2011 15:52:05 (3211 Octet(s))
C:\Ad-Report-SCAN[1].txt - 12/08/2011 15:47:06 (8916 Octet(s))
C:\Ad-Report-SCAN[2].txt - 17/08/2011 15:40:31 (3606 Octet(s))
C:\Ad-Report-SCAN[3].txt - 17/08/2011 15:42:05 (3671 Octet(s))
Fin à: 15:53:10, 17/08/2011
============== E.O.F ==============
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 15:47:01 le 12/08/2011, Mode normal
Microsoft Windows 7 Édition Familiale Premium (X64)
mocquillon@MOCQUILLON-TOSH (TOSHIBA Satellite C660D)
============== RECHERCHE ==============
Dossier trouvé: C:\Users\mocquillon\AppData\LocalLow\Conduit
Dossier trouvé: C:\Program Files (x86)\Conduit
Dossier trouvé: C:\Users\mocquillon\AppData\LocalLow\ConduitEngine
Dossier trouvé: C:\Program Files (x86)\ConduitEngine
Dossier trouvé: C:\Users\mocquillon\AppData\Roaming\EoRezo
Dossier trouvé: C:\Users\mocquillon\AppData\Local\EoRezo
Dossier trouvé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EoRezo
Dossier trouvé: C:\Program Files (x86)\EoRezo
Clé trouvée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Classes\CLSID\{6108CFA9-6444-4D64-9827-DDF0CA1063EF}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6108CFA9-6444-4D64-9827-DDF0CA1063EF}
Clé trouvée: HKLM\Software\Classes\CLSID\{9C5A9755-94DE-4529-8BB6-159C2FA45737}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9C5A9755-94DE-4529-8BB6-159C2FA45737}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C5A9755-94DE-4529-8BB6-159C2FA45737}
Clé trouvée: HKLM\Software\Classes\CLSID\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Clé trouvée: HKLM\Software\Classes\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Clé trouvée: HKLM\Software\Classes\Interface\{DF76E9B7-35EC-46FC-AF56-5B79DED9D64F}
Clé trouvée: HKLM\Software\Classes\TypeLib\{18AF7201-4F14-4BCF-93FE-45617CF259FF}
Clé trouvée: HKLM\Software\Classes\Conduit.Engine
Clé trouvée: HKLM\Software\Classes\EoEngineBHO.EOBHO
Clé trouvée: HKLM\Software\Classes\EoEngineBHO.EOBHO.1
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2724386
Clé trouvée: HKLM\Software\Classes\AppID\EoEngineBHO.DLL
Clé trouvée: HKLM\Software\Classes\AppID\{AFBB7970-789A-4264-BA70-E8127DECE400}
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKLM\Software\conduitEngine
Clé trouvée: HKLM\Software\EoRezo
Clé trouvée: HKCU\Software\EoRezo
Clé trouvée: HKCU\Software\OfferBox
Clé trouvée: HKCU\Software\AppDataLow\Toolbar
Clé trouvée: HKCU\Software\AppDataLow\Software\Conduit
Clé trouvée: HKCU\Software\AppDataLow\Software\conduitEngine
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6681ABAE-1FEC-4C65-8F79-DB84385C76EF}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB59449A-C9D6-4363-AEB8-321B259A13EE}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\EoEngine_is1
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\EoRezo_is1
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\EoWeather_is1
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|HWSetup
Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eoengine
Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eoweather
Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eorezo
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D}
============== SCAN ADDITIONNEL ==============
**** Internet Explorer Version [8.0.7600.16385] ****
HKCU_Main|Default_Page_URL - hxxp://toshiba.msn.com
HKCU_Main|Search bar - hxxp://g.msn.fr/0SEFRFR/SAOS02
HKCU_Main|Search Page - hxxp://home.microsoft.com/access/allinone.asp
HKCU_Main|Start Page - hxxp://mystart.incredimail.com?a=19emiPqulx0
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU_URLSearchHooks|{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - "IncrediMail MediaBar 2 Toolbar" (C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll)
HKLM_URLSearchHooks|{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - "IncrediMail MediaBar 2 Toolbar" (C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll)
HKCU_SearchScopes\{0365704D-3ED9-44FF-BD51-7AFC5DA767EB} - "eBay" (hxxp://rover.ebay.com/rover/1/709-44555-9400-8/4?satitle={searchTerms})
HKCU_SearchScopes\{29C03171-B069-4E99-8183-F4FB3DF4022A} - "?" (?)
HKCU_SearchScopes\{E012E748-11FC-4846-B162-744D045A0ABA} - "?" (?)
HKCU_Toolbar\WebBrowser|{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} (C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll)
HKCU_Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll)
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll)
HKLM_Toolbar|{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} (C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll)
HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{6681ABAE-1FEC-4C65-8F79-DB84385C76EF} - C:\Program Files (x86)\IncrediMail_MediaBar_2\IncrediMail_MediaBar_2ToolbarHelper.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{B2321D2F-1154-4d97-AD3E-2FE0BAE2897B} - C:\Program Files (x86)\SFR\Kit\9launch.exe (SFR)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
HKLM_ElevationPolicy\{EE0DF950-5C7F-4261-8CFA-AE01D71FD9BD} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\SetupUtility.exe (<TOSHIBA>)
HKLM_ElevationPolicy\{F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\MTSProc.exe (<TOSHIBA>)
HKLM_ElevationPolicy\{FB59449A-C9D6-4363-AEB8-321B259A13EE} - C:\Program Files (x86)\ConduitEngine\ConduitEngineHelper.exe (?)
BHO\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - "Objet d'aide à la navigation SFR" (C:\Program Files (x86)\SFR\Kit\SFRNavErrorHelper.dll)
BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine" (C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} - "EOBHO Class" (C:\Program Files (x86)\EoRezo\EoRezoBHO.dll)
BHO\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - "IncrediMail MediaBar 2 Toolbar" (C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll)
BHO\{F3C88694-EFFA-4d78-B409-54B7B2535B14} - "TOSHIBA Media Controller Plug-in" (C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll)
========================================
C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 0 Fichier(s)
C:\Ad-Report-SCAN[1].txt - 12/08/2011 15:47:06 (8778 Octet(s))
Fin à: 15:47:59, 12/08/2011
============== E.O.F ==============
Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 15:47:01 le 12/08/2011, Mode normal
Microsoft Windows 7 Édition Familiale Premium (X64)
mocquillon@MOCQUILLON-TOSH (TOSHIBA Satellite C660D)
============== RECHERCHE ==============
Dossier trouvé: C:\Users\mocquillon\AppData\LocalLow\Conduit
Dossier trouvé: C:\Program Files (x86)\Conduit
Dossier trouvé: C:\Users\mocquillon\AppData\LocalLow\ConduitEngine
Dossier trouvé: C:\Program Files (x86)\ConduitEngine
Dossier trouvé: C:\Users\mocquillon\AppData\Roaming\EoRezo
Dossier trouvé: C:\Users\mocquillon\AppData\Local\EoRezo
Dossier trouvé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EoRezo
Dossier trouvé: C:\Program Files (x86)\EoRezo
Clé trouvée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Classes\CLSID\{6108CFA9-6444-4D64-9827-DDF0CA1063EF}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6108CFA9-6444-4D64-9827-DDF0CA1063EF}
Clé trouvée: HKLM\Software\Classes\CLSID\{9C5A9755-94DE-4529-8BB6-159C2FA45737}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9C5A9755-94DE-4529-8BB6-159C2FA45737}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C5A9755-94DE-4529-8BB6-159C2FA45737}
Clé trouvée: HKLM\Software\Classes\CLSID\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Clé trouvée: HKLM\Software\Classes\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Clé trouvée: HKLM\Software\Classes\Interface\{DF76E9B7-35EC-46FC-AF56-5B79DED9D64F}
Clé trouvée: HKLM\Software\Classes\TypeLib\{18AF7201-4F14-4BCF-93FE-45617CF259FF}
Clé trouvée: HKLM\Software\Classes\Conduit.Engine
Clé trouvée: HKLM\Software\Classes\EoEngineBHO.EOBHO
Clé trouvée: HKLM\Software\Classes\EoEngineBHO.EOBHO.1
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2724386
Clé trouvée: HKLM\Software\Classes\AppID\EoEngineBHO.DLL
Clé trouvée: HKLM\Software\Classes\AppID\{AFBB7970-789A-4264-BA70-E8127DECE400}
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKLM\Software\conduitEngine
Clé trouvée: HKLM\Software\EoRezo
Clé trouvée: HKCU\Software\EoRezo
Clé trouvée: HKCU\Software\OfferBox
Clé trouvée: HKCU\Software\AppDataLow\Toolbar
Clé trouvée: HKCU\Software\AppDataLow\Software\Conduit
Clé trouvée: HKCU\Software\AppDataLow\Software\conduitEngine
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6681ABAE-1FEC-4C65-8F79-DB84385C76EF}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB59449A-C9D6-4363-AEB8-321B259A13EE}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\EoEngine_is1
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\EoRezo_is1
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\EoWeather_is1
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|HWSetup
Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eoengine
Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eoweather
Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eorezo
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D}
============== SCAN ADDITIONNEL ==============
**** Internet Explorer Version [8.0.7600.16385] ****
HKCU_Main|Default_Page_URL - hxxp://toshiba.msn.com
HKCU_Main|Search bar - hxxp://g.msn.fr/0SEFRFR/SAOS02
HKCU_Main|Search Page - hxxp://home.microsoft.com/access/allinone.asp
HKCU_Main|Start Page - hxxp://mystart.incredimail.com?a=19emiPqulx0
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU_URLSearchHooks|{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - "IncrediMail MediaBar 2 Toolbar" (C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll)
HKLM_URLSearchHooks|{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - "IncrediMail MediaBar 2 Toolbar" (C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll)
HKCU_SearchScopes\{0365704D-3ED9-44FF-BD51-7AFC5DA767EB} - "eBay" (hxxp://rover.ebay.com/rover/1/709-44555-9400-8/4?satitle={searchTerms})
HKCU_SearchScopes\{29C03171-B069-4E99-8183-F4FB3DF4022A} - "?" (?)
HKCU_SearchScopes\{E012E748-11FC-4846-B162-744D045A0ABA} - "?" (?)
HKCU_Toolbar\WebBrowser|{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} (C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll)
HKCU_Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll)
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll)
HKLM_Toolbar|{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} (C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll)
HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{6681ABAE-1FEC-4C65-8F79-DB84385C76EF} - C:\Program Files (x86)\IncrediMail_MediaBar_2\IncrediMail_MediaBar_2ToolbarHelper.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{B2321D2F-1154-4d97-AD3E-2FE0BAE2897B} - C:\Program Files (x86)\SFR\Kit\9launch.exe (SFR)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
HKLM_ElevationPolicy\{EE0DF950-5C7F-4261-8CFA-AE01D71FD9BD} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\SetupUtility.exe (<TOSHIBA>)
HKLM_ElevationPolicy\{F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\MTSProc.exe (<TOSHIBA>)
HKLM_ElevationPolicy\{FB59449A-C9D6-4363-AEB8-321B259A13EE} - C:\Program Files (x86)\ConduitEngine\ConduitEngineHelper.exe (?)
BHO\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - "Objet d'aide à la navigation SFR" (C:\Program Files (x86)\SFR\Kit\SFRNavErrorHelper.dll)
BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine" (C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} - "EOBHO Class" (C:\Program Files (x86)\EoRezo\EoRezoBHO.dll)
BHO\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - "IncrediMail MediaBar 2 Toolbar" (C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll)
BHO\{F3C88694-EFFA-4d78-B409-54B7B2535B14} - "TOSHIBA Media Controller Plug-in" (C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll)
========================================
C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 0 Fichier(s)
C:\Ad-Report-SCAN[1].txt - 12/08/2011 15:47:06 (8778 Octet(s))
Fin à: 15:47:59, 12/08/2011
============== E.O.F ==============
![[:_tom_:7]](http://m.bestofmedia.com/sfp/design/usr/fr/smilies/bd/ec/_tom_:7.gif "[:_tom_:7]")
Lassé par la pub ? Créez un compte
- Contenus similaires :
