Here is the report (what a job). You need IT training to be able to do these complete analyses.
------- LOGFILE OF AD-REMOVER 1.1.3.9 | ONLY XP/VISTA -------
Updated by C_XX on 16/05/2009 at 21:15
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
**** LIMITED TO ****
Known Adwares
Eorezo
It's TV
********************
Start at: 15:55:13, 17/05/2009 | Boot mode: Normal Boot
Option: Clean | Executed from: C:\Program Files\Ad-remover\
Operating System: Microsoft Windows XP Service Pack 2 V5.1.2600
Computer Name: BRETCH
Current User: Franck - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
(!) -- D:\Documents and Settings\Administrateur\Ntuser.dat Loaded as: 'HKU\Administrateur'
(!) -- D:\Documents and Settings\C‚cile\Ntuser.dat Loaded as: 'HKU\C‚cile'
(!) -- D:\Documents and Settings\C‚cile.BRETCH\Ntuser.dat Loaded as: 'HKU\C‚cile.BRETCH'
(!) -- D:\Documents and Settings\C‚cile.BRETCH.000\Ntuser.dat Loaded as: 'HKU\C‚cile.BRETCH.000'
(!) -- D:\Documents and Settings\LocalService.AUTORITE NT\Ntuser.dat Loaded as: 'HKU\LocalService.AUTORITE NT'
(!) -- D:\Documents and Settings\NetworkService.AUTORITE NT.000\Ntuser.dat Loaded as: 'HKU\NetworkService.AUTORITE NT.000'
(!) -- D:\Documents and Settings\va\Ntuser.dat Loaded as: 'HKU\va'
(!) -- D:\Documents and Settings\va.BRETCH\Ntuser.dat Loaded as: 'HKU\va.BRETCH'
(!) -- IE start pages/Tabs reset
============ Known Adwares Deleted ============
.
HKLM\Software\Conduit
HKLM\Software\Trymedia Systems
.
D:\Documents and Settings\Franck.BRETCH\Application Data\Mozilla\Firefox\Profiles\zi67z63l.default\EBSuggestHistory
C:\Program Files\Conduit
D:\Documents and Settings\Franck.BRETCH\Application Data\Mozilla\Firefox\Profiles\zi67z63l.default\searchplugins\conduit.xml
+-----------------| Eorezo Elements Deleted :
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Program Files\EoRezo
D:\Documents and Settings\Franck.BRETCH\Application Data\EoRezo
+-----------------| It's TV Elements Deleted :
HKCU\Software\ItsLabel
.
D:\Documents and Settings\Franck.BRETCH\Application Data\ItsLabel
D:\Documents and Settings\va.BRETCH\Application Data\ItsLabel
(!) -- Temp files deleted.
(!) -- Recycle bin emptied in all drives.
+-----------------| Added Scan:
---- Mozilla FireFox Version 3.0.10 ----
ProfilePath: zi67z63l.default (Franck)
.
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q=");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.10");
.
(Prefs.js) Removed: user_pref("CT1434207.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
(Prefs.js) Removed: user_pref("CT1434207.CTPBaseServerUrl", "hxxp://grouping.services.conduit.com/");
(Prefs.js) Removed: user_pref("CT1434207.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=2&q=");
(Prefs.js) Removed: user_pref("CT1434207.Server", "hxxp://users.conduit.com");
(Prefs.js) Removed: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q=");
---- Internet Explorer Version 6.0.2900.2180 ----
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[HKEY_USERS\S-1-5-21-1749415791-4036578717-2932544989-1006\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: hxxp://ieframe.dll/tabswelcome.htm
=========== Suspicious ==========
+---------------------------------------------------------------------------+
5083 Byte(s) - C:\Ad-Report-Clean-17.05.2009.log
4774 Byte(s) - C:\Ad-Report-Scan-17.05.2009.log
20 File(s) - C:\Program Files\Ad-remover\BACKUP
1 File(s) - C:\Program Files\Ad-remover\QUARANTINE
End at: 16:01:52 | 17/05/2009
.
+-----------------| E.O.F
.