Pc infecté demande d'aide
Résolu
tzai
Messages postés
49
Date d'inscription
Statut
Membre
Dernière intervention
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
J'ai un portable Hp sous Vista Premium.
Il est bourré de malware, la connexion Internet n'est plus possible et l'installation de programme semble bloquée aussi.
Merci de me venir en aide.
J'ai un portable Hp sous Vista Premium.
Il est bourré de malware, la connexion Internet n'est plus possible et l'installation de programme semble bloquée aussi.
Merci de me venir en aide.
A voir également:
- Pc infecté demande d'aide
- Reinitialiser pc - Guide
- Test performance pc - Guide
- Pc lent - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
- Forcer demarrage pc - Guide
25 réponses
Merci Sasa7795 pour ta réponse.
N'y aurait-il pas un anti-quelque chose que je pourrais installer sur un cd et le booter au démarrage ?
PArce que ta réponse me parait un peu radicale.
Merci
N'y aurait-il pas un anti-quelque chose que je pourrais installer sur un cd et le booter au démarrage ?
PArce que ta réponse me parait un peu radicale.
Merci
salut n'importe quoi !! c'est incroyable de lire des reponses pareilles !!!
drôle d'aide : Formate ptdr !!!
=========================================
Télécharge ici :OTL
▶ enregistre le sur ton Bureau.
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶ Coche les 2 cases Lop et Purity
▶ Coche la case devant tous les utilisateurs
▶ règle age du fichier sur "60 jours"
▶ dans les 6 onglets de la moitié gauche , mets tout sur "tous"
ne modifie pas ceci :
"fichiers créés" et "fichiers Modifiés"
▶Clic sur Analyse.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier ci-dessus.
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
juste au niveau du bouton , en fin de chargement du fichier , Un lien de cette forme apparaitra :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
▶ Copie ce lien dans ta réponse.
▶▶ Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.
drôle d'aide : Formate ptdr !!!
=========================================
Télécharge ici :OTL
▶ enregistre le sur ton Bureau.
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶ Coche les 2 cases Lop et Purity
▶ Coche la case devant tous les utilisateurs
▶ règle age du fichier sur "60 jours"
▶ dans les 6 onglets de la moitié gauche , mets tout sur "tous"
ne modifie pas ceci :
"fichiers créés" et "fichiers Modifiés"
▶Clic sur Analyse.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier ci-dessus.
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
juste au niveau du bouton , en fin de chargement du fichier , Un lien de cette forme apparaitra :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
▶ Copie ce lien dans ta réponse.
▶▶ Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.
Bonjour,
Merci gen-hackman,
Je ne peux installer OTL
Une petite fenêtre s'affiche où c'est écrit :
Virus alert!
Application can't be started!
The file otl.exe is damaged.
Do you want to activate your antivirus software now?
Et il y a deux boutons dessous : oui non
ça commence fort j'ai l'impression
Merci gen-hackman,
Je ne peux installer OTL
Une petite fenêtre s'affiche où c'est écrit :
Virus alert!
Application can't be started!
The file otl.exe is damaged.
Do you want to activate your antivirus software now?
Et il y a deux boutons dessous : oui non
ça commence fort j'ai l'impression
ok j'ai compris :
option 2 puis option 4 de ca :
https://www.luanagames.com/index.fr.html
===================================
ensuite :
DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!! (car l'outil est detecté a tort comme infection contenant un module qui sert à arrêter des processus , et un autre servant à prendre des droits dans le registre pour effectuer des suppressions)
▶ Télécharge ici :List_Kill'em
et enregistre le sur ton bureau
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur le raccourci sur ton bureau pour lancer l'installation
Laisse coché :
♦ Executer List_Kill'em
une fois terminée , clic sur "terminer"
choisis l'option Search
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.
Attention : il se peut que l'outil bloque anormalement longtemps arrivé à 95% à l'affichage "2nd Check", relance-le avec le raccourci sur le bureau sans l'arreter , puis clique sur le tout petit "X" en bas de la fenetre d'accueil du programme, ca le debloquera pour finir son scan
▶ Poste les rapports qui apparaitront sur ton bureau
▶▶▶ NE LES POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et selectionne , un par un , les fichiers concernés apparus sur ton bureau
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶ Fais de même avec more.txt qui se trouve sur ton bureau
option 2 puis option 4 de ca :
https://www.luanagames.com/index.fr.html
===================================
ensuite :
DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!! (car l'outil est detecté a tort comme infection contenant un module qui sert à arrêter des processus , et un autre servant à prendre des droits dans le registre pour effectuer des suppressions)
▶ Télécharge ici :List_Kill'em
et enregistre le sur ton bureau
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur le raccourci sur ton bureau pour lancer l'installation
Laisse coché :
♦ Executer List_Kill'em
une fois terminée , clic sur "terminer"
choisis l'option Search
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.
Attention : il se peut que l'outil bloque anormalement longtemps arrivé à 95% à l'affichage "2nd Check", relance-le avec le raccourci sur le bureau sans l'arreter , puis clique sur le tout petit "X" en bas de la fenetre d'accueil du programme, ca le debloquera pour finir son scan
▶ Poste les rapports qui apparaitront sur ton bureau
▶▶▶ NE LES POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et selectionne , un par un , les fichiers concernés apparus sur ton bureau
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶ Fais de même avec more.txt qui se trouve sur ton bureau
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Voici les rapports
http://www.cijoint.fr/cjlink.php?file=cj201102/cijS4T7obg.txt
http://www.cijoint.fr/cjlink.php?file=cj201102/cijuBKLiWR.txt
http://www.cijoint.fr/cjlink.php?file=cj201102/cijU41Uvtq.txt
http://www.cijoint.fr/cjlink.php?file=cj201102/cijHnjx0WL.txt
http://www.cijoint.fr/cjlink.php?file=cj201102/cijS4T7obg.txt
http://www.cijoint.fr/cjlink.php?file=cj201102/cijuBKLiWR.txt
http://www.cijoint.fr/cjlink.php?file=cj201102/cijU41Uvtq.txt
http://www.cijoint.fr/cjlink.php?file=cj201102/cijHnjx0WL.txt
ok
1/...
ATTENTION !! ce script est réservé uniquement à cette machine , ne pas reproduire !!!!!
▶ Relance List&Kill'em,avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'option Tools puis Script
une fenêtre noire va s'ouvrir brievement , et List_Kill'em va se fermer
un nouveau document texte s'ouvre , copie/colle ce en gras si dessous :
PROC:networker.exe
REM:"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "warn default inter for"
FILE:C:\ProgramData\date info heck.*
REM:"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Bags sign"
FILE:C:\ProgramData\beepboltbolt.*
REM:"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "vc log bows face"
FILE:C:\ProgramData\proxy mpeg bird.*
REM:"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "IP Network"
FILE:C:\Program Files\InstallPedia
REM:"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}"
REM:"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{30F9B915-B755-4826-820B-08FBA6BD249D}"
REM:"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{D4027C7F-154A-4066-A1AD-4243D8127440}"
REM:"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ef79f67a-6ad7-4715-a0f8-932fca442023}"
REM:"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}"
REM:"HKEY_CLASSES_ROOT\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}"
REM:"HKEY_CLASSES_ROOT\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}"
REM:"HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}"
REM:"HKEY_CLASSES_ROOT\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}"
REM:"HKEY_CLASSES_ROOT\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}"
REM:HKEY_CURRENT_USER\software\Ask.com
REM:HKEY_CURRENT_USER\software\AutocompletePro
REM:HKEY_CURRENT_USER\software\AutocompleteProBHO
REM:HKEY_CURRENT_USER\software\FBSearch
REM:HKEY_CURRENT_USER\software\g043oqxanu
REM:HKEY_CURRENT_USER\software\SGPUpdater
REM:HKEY_LOCAL_MACHINE\software\Conduit
REM:HKEY_LOCAL_MACHINE\software\conduitEngine
REM:HKEY_LOCAL_MACHINE\software\InstallPedia
▶ enregistre le document texte avec l'onglet fichier (enregistrer) de ce dernier , puis ferme-le
laisse travailler l'outil
▶ poste le resultat
Note : le rapport est sur ton bureau : Script_(4 chiffres).txt
========================================
2 /.....
▶ Télécharge ici : Ad-remover sur ton bureau :
▶ Déconnecte toi et ferme toutes applications en cours !
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
▶ sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .
▶ clique le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
▶ Au menu principal choisis "option Nettoyer" et tape sur [entrée] .
▶ Laisse travailler l'outil et ne touche à rien ...
▶ Poste le rapport qui apparait à la fin , sur le forum ...
( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
========================================
3/.....
telecharge et installe fixLop et fais "Suppression" puis poste le rapport
http://security-domain.be/software/FixLop.html
=======================================
4/....
▶ Relance List_Kill'em,avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'Option Clean
▶▶▶ Ne clique qu'une seule fois sur le bouton !!
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse
▶ envoie le zip Upload_ta-session_List_Kill'em.zip via cijoint.fr
1/...
ATTENTION !! ce script est réservé uniquement à cette machine , ne pas reproduire !!!!!
▶ Relance List&Kill'em,avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'option Tools puis Script
une fenêtre noire va s'ouvrir brievement , et List_Kill'em va se fermer
un nouveau document texte s'ouvre , copie/colle ce en gras si dessous :
PROC:networker.exe
REM:"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "warn default inter for"
FILE:C:\ProgramData\date info heck.*
REM:"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Bags sign"
FILE:C:\ProgramData\beepboltbolt.*
REM:"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "vc log bows face"
FILE:C:\ProgramData\proxy mpeg bird.*
REM:"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "IP Network"
FILE:C:\Program Files\InstallPedia
REM:"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}"
REM:"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{30F9B915-B755-4826-820B-08FBA6BD249D}"
REM:"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{D4027C7F-154A-4066-A1AD-4243D8127440}"
REM:"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ef79f67a-6ad7-4715-a0f8-932fca442023}"
REM:"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}"
REM:"HKEY_CLASSES_ROOT\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}"
REM:"HKEY_CLASSES_ROOT\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}"
REM:"HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}"
REM:"HKEY_CLASSES_ROOT\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}"
REM:"HKEY_CLASSES_ROOT\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}"
REM:HKEY_CURRENT_USER\software\Ask.com
REM:HKEY_CURRENT_USER\software\AutocompletePro
REM:HKEY_CURRENT_USER\software\AutocompleteProBHO
REM:HKEY_CURRENT_USER\software\FBSearch
REM:HKEY_CURRENT_USER\software\g043oqxanu
REM:HKEY_CURRENT_USER\software\SGPUpdater
REM:HKEY_LOCAL_MACHINE\software\Conduit
REM:HKEY_LOCAL_MACHINE\software\conduitEngine
REM:HKEY_LOCAL_MACHINE\software\InstallPedia
▶ enregistre le document texte avec l'onglet fichier (enregistrer) de ce dernier , puis ferme-le
laisse travailler l'outil
▶ poste le resultat
Note : le rapport est sur ton bureau : Script_(4 chiffres).txt
========================================
2 /.....
▶ Télécharge ici : Ad-remover sur ton bureau :
▶ Déconnecte toi et ferme toutes applications en cours !
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
▶ sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .
▶ clique le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
▶ Au menu principal choisis "option Nettoyer" et tape sur [entrée] .
▶ Laisse travailler l'outil et ne touche à rien ...
▶ Poste le rapport qui apparait à la fin , sur le forum ...
( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
========================================
3/.....
telecharge et installe fixLop et fais "Suppression" puis poste le rapport
http://security-domain.be/software/FixLop.html
=======================================
4/....
▶ Relance List_Kill'em,avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'Option Clean
▶▶▶ Ne clique qu'une seule fois sur le bouton !!
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse
▶ envoie le zip Upload_ta-session_List_Kill'em.zip via cijoint.fr
Bonjour gen_hackman
Voici les différents rapports et le dossier zip que tu as demandé hier.
Merci
¤¤¤¤¤¤¤¤¤¤ Script of List_Kill'em by gen-hackman ¤¤¤¤¤¤¤¤¤¤
User : Marlène (Administrateurs)
Update on 16/02/2011 by g3n-h@ckm@n ::::: 04.00
Start at: 18:52:29 | 16/02/2011
Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.19019
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 232,88 Go (98,85 Go free) | NTFS
D:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤ Processes :
¤¤¤¤¤¤¤¤¤¤ Added Keys :
¤¤¤¤¤¤¤¤¤¤ Removed Keys :
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" : "IP Network"
Deleted : HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}"
Deleted : HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{30F9B915-B755-4826-820B-08FBA6BD249D}"
Deleted : HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{D4027C7F-154A-4066-A1AD-4243D8127440}"
Deleted : HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ef79f67a-6ad7-4715-a0f8-932fca442023}"
Deleted : HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}"
Deleted : HKEY_CLASSES_ROOT\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}"
Deleted : HKEY_CLASSES_ROOT\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}"
Deleted : HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}"
Deleted : HKEY_CLASSES_ROOT\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}"
Deleted : HKEY_LOCAL_MACHINE\software\InstallPedia
¤¤¤¤¤¤¤¤¤¤ Ports closed :
¤¤¤¤¤¤¤¤¤¤ File|Folder deleted :
Deleted !! : C:\ProgramData\date info heck.*
Deleted !! : C:\ProgramData\beepboltbolt.*
Deleted !! : C:\ProgramData\proxy mpeg bird.*
Deleted !! : C:\Program Files\InstallPedia
¤¤¤¤¤¤¤¤¤¤ Drivers deleted :
¤¤¤¤¤¤¤¤¤¤ Object Restored :
¤¤¤¤¤¤¤¤¤¤ Folder List :
¤¤¤¤¤¤¤¤¤¤ Read File :
¤¤¤¤¤¤¤¤¤¤ Sign control :
¤¤¤¤¤¤¤¤¤¤ Key Look :
End at 19:00:40
¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
======= RAPPORT D'AD-REMOVER 2.0.0.2,E | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 16/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 16:36:13 le 17/02/2011, Mode normal
Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 1 (X86)
Marlène@PC-DE-MARLÈNE (Hewlett-Packard HP Pavilion dv6500 Notebook PC)
============== ACTION(S) ==============
Service: "IP netservices" Stoppé et supprimé
Dossier supprimé: C:\Program Files\InstallPedia
Fichier supprimé: C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Fichier supprimé: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar
Fichier supprimé: C:\Windows\system32\Utils.dll
Dossier supprimé: C:\Users\Marlène\AppData\Roaming\Mozilla\FireFox\Profiles\w61geaxt.default\extensions\engine@conduit.com
Dossier supprimé: C:\Program Files\Ask.com
Dossier supprimé: C:\Users\Marlène\AppData\LocalLow\AskToolbar
Dossier supprimé: C:\Users\Marlène\AppData\LocalLow\Conduit
Dossier supprimé: C:\Program Files\Conduit
Dossier supprimé: C:\Users\Marlène\AppData\LocalLow\ConduitEngine
Dossier supprimé: C:\Program Files\ConduitEngine
Dossier supprimé: C:\Program Files\AutocompletePro
Dossier supprimé: C:\Users\Marlène\AppData\Roaming\DesktopIcon
Dossier supprimé: C:\Program Files\Fast Browser Search
Dossier supprimé: C:\Users\Marlène\AppData\LocalLow\PriceGong
Dossier supprimé: C:\Program Files\Search Guard Plus
Dossier supprimé: C:\Program Files\Search Guard PlusU
Dossier supprimé: C:\Program Files\SGPSA
Fichier supprimé: C:\Users\Public\Desktop\Everest Poker.fr.lnk
(!) -- Fichiers temporaires supprimés.
Clé supprimée: HKLM\Software\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Clé supprimée: HKLM\Software\Classes\CLSID\{3BC4EA39-E9A4-4FA6-B9A0-0B232F7EA69D}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3BC4EA39-E9A4-4FA6-B9A0-0B232F7EA69D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BC4EA39-E9A4-4FA6-B9A0-0B232F7EA69D}
Clé supprimée: HKLM\Software\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Clé supprimée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clé supprimée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clé supprimée: HKLM\Software\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Clé supprimée: HKLM\Software\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Clé supprimée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Clé supprimée: HKLM\Software\Classes\Conduit.Engine
Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Clé supprimée: HKLM\Software\Classes\SuggestMeYes.SuggestMeYesBHO
Clé supprimée: HKLM\Software\Classes\SuggestMeYes.SuggestMeYesBHO.1
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2849852
Clé supprimée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Clé supprimée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé supprimée: HKLM\Software\Classes\AppID\AutocompletePro.DLL
Clé supprimée: HKLM\Software\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Clé supprimée: HKLM\Software\InstallPedia
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\conduitEngine
Clé supprimée: HKCU\Software\AutocompletePro
Clé supprimée: HKCU\Software\Ask.com
Clé supprimée: HKCU\Software\AutocompleteProBHO
Clé supprimée: HKCU\Software\FBSearch
Clé supprimée: HKCU\Software\Grand Virtual
Clé supprimée: HKCU\Software\SGPUpdater
Clé supprimée: HKCU\Software\AppDataLow\Toolbar
Clé supprimée: HKCU\Software\AppDataLow\Software\AskToolbar
Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
Clé supprimée: HKCU\Software\AppDataLow\Software\conduitEngine
Clé supprimée: HKCU\Software\AppDataLow\Software\PriceGong
Clé supprimée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5BD90948-91B3-4353-BF87-D5C3F9C54886}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AutocompletePro3_is1
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Guard Plus
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Guard Plus Updater
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus Updater
Erreur suppression clé: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D}
============== SCAN ADDITIONNEL ==============
-- C:\Users\Marlène\AppData\Roaming\Mozilla\FireFox\Profiles\w61geaxt.default --
Extensions\support@predictad.com (AutocompletePro - Your handy search suggestions tool)
Extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023} (BittorrentBar_FR Community Toolbar)
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.12
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://www.custom-search-fr.com/
========================================
**** Internet Explorer Version [8.0.6001.19019] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{ef79f67a-6ad7-4715-a0f8-932fca442023} (x)
HKLM_URLSearchHooks|{ef79f67a-6ad7-4715-a0f8-932fca442023} (x)
HKCU_Toolbar\WebBrowser|{EF79F67A-6AD7-4715-A0F8-932FCA442023} (x)
HKLM_Toolbar|{ef79f67a-6ad7-4715-a0f8-932fca442023} (x)
HKCU_ElevationPolicy\{2120F70B-C745-4AB0-9062-6411103FCD0C} - c:\program files\Google\googletoolbar1user.exe (x)
HKCU_ElevationPolicy\{7E9AD7D7-2EFA-4BDA-A950-4E1F3539CBC2} - c:\program files\Google\googletoolbar1user.exe (x)
HKCU_ElevationPolicy\{C19B650B-8674-4F27-98CD-20696ECB7E72} - c:\program files\Google\googletoolbar1user.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{BE196DBE-16C5-44D0-B4CB-AD0CE99A1379} - C:\Program Files\BittorrentBar_FR\BittorrentBar_FRToolbarHelper.exe (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
========================================
C:\Program Files\Ad-Remover\Quarantine: 189 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 17/02/2011 16:36:23 (30982 Octet(s))
Fin à: 16:37:48, 17/02/2011
============== E.O.F ==============
####### FixLop vers 1.0.2.5 [ Suppression ] #######
# Exécuté depuis C:\Program Files\FixLop
# Le 17/02/2011 à 16h47
# Utilisateur : Marlène | PC-DE-MARLÈNE
# S.E : Windows Vista (TM) Home Premium | Service Pack 1 | 32 bits
# CPU : Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
# Internet Explorer version [8.0.6001.19019]
# Mozilla Firefox :
############## [ Processus ]
############## [ Dossiers & Fichiers ]
Dossier supprimé : C:\ProgramData\Memo Drive Vc Log
Dossier supprimé : C:\ProgramData\Time Dead Warn Default
Dossier supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dart 'm Up
~~~~ Lecture fichier prefs.js ~~~~
############## [ Clés de registres ]
############## [ Internet Explorer ]
-- [ HKLM\Software\Microsoft\Internet Explorer\Main ] --
Search Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url : hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_search_url : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page : hxxp://fr.msn.com/
Local Page : C:\Windows\System32\blank.htm
-- [ HKCU\Software\Microsoft\Internet Explorer\Main ] --
Search Page :
Default_page_url : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_search_url : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page : hxxp://fr.msn.com/
Local Page : C:\Windows\system32\blank.htm
########## [ ! Suppression finie le 17/02/2011 à 16h47 ]
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.5 ¤¤¤¤¤¤¤¤¤¤
User : Marlène (Administrateurs)
Update on 16/02/2011 by g3n-h@ckm@n ::::: 04.00
Start at: 16:50:38 | 17/02/2011
Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.19019
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 232,88 Go (98,63 Go free) | NTFS
D:\ -> Disque CD-ROM
Killed : PID 1416 'iexplore.exe'
Killed : PID 2896 'explorer.exe'
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Users\MarlSne\DeepBurner1.exe
Quarantined & Deleted !! : C:\Users\MarlSne\eMule0.49c-Installer.exe
Quarantined & Deleted !! : C:\Users\MarlSne\vista-codec-package_vista_codec_package_4.6.3_anglais_79922.exe
Quarantined & Deleted !! : C:\Users\MarlSne\WLinstaller_8_5.exe
Quarantined & Deleted !! : C:\Users\MarlSne\AppData\Local\d3d9caps.dat
Quarantined & Deleted !! : C:\Users\MarlSne\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\ProgramData\sysReserve.ini
Quarantined & Deleted !! : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
127.0.0.1 localhost
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
Deleted : HKLM\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Scheduled Update for Ask Toolbar
Deleted : HKCR\interface\{039b7df6-3103-48f0-bd6f-24291bc7e637}
Deleted : HKCR\interface\{1bd69f2f-96b4-41b3-accf-c46ed55e3a58}
Deleted : HKCR\interface\{2194682f-acb0-45ce-b900-3fcd2d13bfb5}
Deleted : HKCR\interface\{24d4e9fc-5097-483b-b0fe-6e3ef28bff4a}
Deleted : HKCR\interface\{382be372-d636-451d-8fa8-54c51569ad88}
Deleted : HKCR\interface\{3a60359d-0eb2-4437-ad15-a08bee794c14}
Deleted : HKCR\interface\{46902815-1008-40c8-ba07-4f3d2276e6d2}
Deleted : HKCR\interface\{777421f7-878b-426e-b7f7-593cbe6b543d}
Deleted : HKCR\interface\{777421f7-878b-426e-b7f7-593cbe6b543f}
Deleted : HKCR\interface\{7876dc2b-dd2e-48d3-b182-6e261698aadb}
Deleted : HKCR\interface\{9b7984e0-1b06-434d-a233-5323ab08f05f}
Deleted : HKCR\interface\{a0f36689-35ea-4b9b-8b16-2236b0581557}
Deleted : HKCR\interface\{b1ce34ce-dfa2-4a5e-a99a-5fdef5021994}
Deleted : HKCR\interface\{ce9cc21b-4f0c-4da5-9a2b-cb4d6a631228}
Deleted : HKCR\interface\{e0778c77-10e3-4ab3-9077-fe845de401b4}
Deleted : HKCR\interface\{e5b630a9-c1e3-42f3-b58b-9afa3662c010}
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
InternetSettingsDisableNotify = 0 (0x0)
AutoUpdateDisableNotify = 0 (0x0)
UacDisableNotify = 0 (0x0)
AntispywareOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
Ndisuio -> Start = 3
EapHost -> Start = 2
Wlansvc -> Start = 2
SharedAccess -> Start = 2
windefend -> Start = 2
wuauserv -> Start = 2
wscsvc -> Start = 2
¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
Shell = explorer.exe
Userinit = C:\Windows\System32\userinit.exe,
System =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
FEATURE_BROWSER_EMULATION | svchost :
====================================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6001 Disk: SAMSUNG_ rev.2SS0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x81ED7FEF] -> \Device\Harddisk0\DR0[0x8555D120]
3 CLASSPNP[0x881A6745] -> ntkrnlpa!IofCallDriver[0x81ED7FEF] -> [0x84A38E80]
5 acpi[0x806956A0] -> ntkrnlpa!IofCallDriver[0x81ED7FEF] -> \Device\Ide\IAAStorageDevice-0[0x84A3E028]
kernel: MBR read successfully
user & kernel MBR OK
End of Scan : 16:53:08
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
http://www.cijoint.fr/cjlink.php?file=cj201102/cij3nbsWqh.zip
Voici les différents rapports et le dossier zip que tu as demandé hier.
Merci
¤¤¤¤¤¤¤¤¤¤ Script of List_Kill'em by gen-hackman ¤¤¤¤¤¤¤¤¤¤
User : Marlène (Administrateurs)
Update on 16/02/2011 by g3n-h@ckm@n ::::: 04.00
Start at: 18:52:29 | 16/02/2011
Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.19019
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 232,88 Go (98,85 Go free) | NTFS
D:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤ Processes :
¤¤¤¤¤¤¤¤¤¤ Added Keys :
¤¤¤¤¤¤¤¤¤¤ Removed Keys :
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" : "IP Network"
Deleted : HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}"
Deleted : HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{30F9B915-B755-4826-820B-08FBA6BD249D}"
Deleted : HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{D4027C7F-154A-4066-A1AD-4243D8127440}"
Deleted : HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ef79f67a-6ad7-4715-a0f8-932fca442023}"
Deleted : HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}"
Deleted : HKEY_CLASSES_ROOT\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}"
Deleted : HKEY_CLASSES_ROOT\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}"
Deleted : HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}"
Deleted : HKEY_CLASSES_ROOT\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}"
Deleted : HKEY_LOCAL_MACHINE\software\InstallPedia
¤¤¤¤¤¤¤¤¤¤ Ports closed :
¤¤¤¤¤¤¤¤¤¤ File|Folder deleted :
Deleted !! : C:\ProgramData\date info heck.*
Deleted !! : C:\ProgramData\beepboltbolt.*
Deleted !! : C:\ProgramData\proxy mpeg bird.*
Deleted !! : C:\Program Files\InstallPedia
¤¤¤¤¤¤¤¤¤¤ Drivers deleted :
¤¤¤¤¤¤¤¤¤¤ Object Restored :
¤¤¤¤¤¤¤¤¤¤ Folder List :
¤¤¤¤¤¤¤¤¤¤ Read File :
¤¤¤¤¤¤¤¤¤¤ Sign control :
¤¤¤¤¤¤¤¤¤¤ Key Look :
End at 19:00:40
¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
======= RAPPORT D'AD-REMOVER 2.0.0.2,E | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 16/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 16:36:13 le 17/02/2011, Mode normal
Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 1 (X86)
Marlène@PC-DE-MARLÈNE (Hewlett-Packard HP Pavilion dv6500 Notebook PC)
============== ACTION(S) ==============
Service: "IP netservices" Stoppé et supprimé
Dossier supprimé: C:\Program Files\InstallPedia
Fichier supprimé: C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Fichier supprimé: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar
Fichier supprimé: C:\Windows\system32\Utils.dll
Dossier supprimé: C:\Users\Marlène\AppData\Roaming\Mozilla\FireFox\Profiles\w61geaxt.default\extensions\engine@conduit.com
Dossier supprimé: C:\Program Files\Ask.com
Dossier supprimé: C:\Users\Marlène\AppData\LocalLow\AskToolbar
Dossier supprimé: C:\Users\Marlène\AppData\LocalLow\Conduit
Dossier supprimé: C:\Program Files\Conduit
Dossier supprimé: C:\Users\Marlène\AppData\LocalLow\ConduitEngine
Dossier supprimé: C:\Program Files\ConduitEngine
Dossier supprimé: C:\Program Files\AutocompletePro
Dossier supprimé: C:\Users\Marlène\AppData\Roaming\DesktopIcon
Dossier supprimé: C:\Program Files\Fast Browser Search
Dossier supprimé: C:\Users\Marlène\AppData\LocalLow\PriceGong
Dossier supprimé: C:\Program Files\Search Guard Plus
Dossier supprimé: C:\Program Files\Search Guard PlusU
Dossier supprimé: C:\Program Files\SGPSA
Fichier supprimé: C:\Users\Public\Desktop\Everest Poker.fr.lnk
(!) -- Fichiers temporaires supprimés.
Clé supprimée: HKLM\Software\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Clé supprimée: HKLM\Software\Classes\CLSID\{3BC4EA39-E9A4-4FA6-B9A0-0B232F7EA69D}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3BC4EA39-E9A4-4FA6-B9A0-0B232F7EA69D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BC4EA39-E9A4-4FA6-B9A0-0B232F7EA69D}
Clé supprimée: HKLM\Software\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Clé supprimée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clé supprimée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clé supprimée: HKLM\Software\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Clé supprimée: HKLM\Software\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Clé supprimée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Clé supprimée: HKLM\Software\Classes\Conduit.Engine
Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Clé supprimée: HKLM\Software\Classes\SuggestMeYes.SuggestMeYesBHO
Clé supprimée: HKLM\Software\Classes\SuggestMeYes.SuggestMeYesBHO.1
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2849852
Clé supprimée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Clé supprimée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé supprimée: HKLM\Software\Classes\AppID\AutocompletePro.DLL
Clé supprimée: HKLM\Software\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Clé supprimée: HKLM\Software\InstallPedia
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\conduitEngine
Clé supprimée: HKCU\Software\AutocompletePro
Clé supprimée: HKCU\Software\Ask.com
Clé supprimée: HKCU\Software\AutocompleteProBHO
Clé supprimée: HKCU\Software\FBSearch
Clé supprimée: HKCU\Software\Grand Virtual
Clé supprimée: HKCU\Software\SGPUpdater
Clé supprimée: HKCU\Software\AppDataLow\Toolbar
Clé supprimée: HKCU\Software\AppDataLow\Software\AskToolbar
Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
Clé supprimée: HKCU\Software\AppDataLow\Software\conduitEngine
Clé supprimée: HKCU\Software\AppDataLow\Software\PriceGong
Clé supprimée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5BD90948-91B3-4353-BF87-D5C3F9C54886}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AutocompletePro3_is1
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Guard Plus
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Guard Plus Updater
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus Updater
Erreur suppression clé: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D}
============== SCAN ADDITIONNEL ==============
-- C:\Users\Marlène\AppData\Roaming\Mozilla\FireFox\Profiles\w61geaxt.default --
Extensions\support@predictad.com (AutocompletePro - Your handy search suggestions tool)
Extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023} (BittorrentBar_FR Community Toolbar)
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.12
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://custom-search-fr.com/
Prefs.js - browser.startup.homepage, hxxp://www.custom-search-fr.com/
========================================
**** Internet Explorer Version [8.0.6001.19019] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{ef79f67a-6ad7-4715-a0f8-932fca442023} (x)
HKLM_URLSearchHooks|{ef79f67a-6ad7-4715-a0f8-932fca442023} (x)
HKCU_Toolbar\WebBrowser|{EF79F67A-6AD7-4715-A0F8-932FCA442023} (x)
HKLM_Toolbar|{ef79f67a-6ad7-4715-a0f8-932fca442023} (x)
HKCU_ElevationPolicy\{2120F70B-C745-4AB0-9062-6411103FCD0C} - c:\program files\Google\googletoolbar1user.exe (x)
HKCU_ElevationPolicy\{7E9AD7D7-2EFA-4BDA-A950-4E1F3539CBC2} - c:\program files\Google\googletoolbar1user.exe (x)
HKCU_ElevationPolicy\{C19B650B-8674-4F27-98CD-20696ECB7E72} - c:\program files\Google\googletoolbar1user.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{BE196DBE-16C5-44D0-B4CB-AD0CE99A1379} - C:\Program Files\BittorrentBar_FR\BittorrentBar_FRToolbarHelper.exe (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
========================================
C:\Program Files\Ad-Remover\Quarantine: 189 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 17/02/2011 16:36:23 (30982 Octet(s))
Fin à: 16:37:48, 17/02/2011
============== E.O.F ==============
####### FixLop vers 1.0.2.5 [ Suppression ] #######
# Exécuté depuis C:\Program Files\FixLop
# Le 17/02/2011 à 16h47
# Utilisateur : Marlène | PC-DE-MARLÈNE
# S.E : Windows Vista (TM) Home Premium | Service Pack 1 | 32 bits
# CPU : Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
# Internet Explorer version [8.0.6001.19019]
# Mozilla Firefox :
############## [ Processus ]
############## [ Dossiers & Fichiers ]
Dossier supprimé : C:\ProgramData\Memo Drive Vc Log
Dossier supprimé : C:\ProgramData\Time Dead Warn Default
Dossier supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dart 'm Up
~~~~ Lecture fichier prefs.js ~~~~
############## [ Clés de registres ]
############## [ Internet Explorer ]
-- [ HKLM\Software\Microsoft\Internet Explorer\Main ] --
Search Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url : hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_search_url : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page : hxxp://fr.msn.com/
Local Page : C:\Windows\System32\blank.htm
-- [ HKCU\Software\Microsoft\Internet Explorer\Main ] --
Search Page :
Default_page_url : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_search_url : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page : hxxp://fr.msn.com/
Local Page : C:\Windows\system32\blank.htm
########## [ ! Suppression finie le 17/02/2011 à 16h47 ]
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.5 ¤¤¤¤¤¤¤¤¤¤
User : Marlène (Administrateurs)
Update on 16/02/2011 by g3n-h@ckm@n ::::: 04.00
Start at: 16:50:38 | 17/02/2011
Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.19019
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 232,88 Go (98,63 Go free) | NTFS
D:\ -> Disque CD-ROM
Killed : PID 1416 'iexplore.exe'
Killed : PID 2896 'explorer.exe'
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Users\MarlSne\DeepBurner1.exe
Quarantined & Deleted !! : C:\Users\MarlSne\eMule0.49c-Installer.exe
Quarantined & Deleted !! : C:\Users\MarlSne\vista-codec-package_vista_codec_package_4.6.3_anglais_79922.exe
Quarantined & Deleted !! : C:\Users\MarlSne\WLinstaller_8_5.exe
Quarantined & Deleted !! : C:\Users\MarlSne\AppData\Local\d3d9caps.dat
Quarantined & Deleted !! : C:\Users\MarlSne\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\ProgramData\sysReserve.ini
Quarantined & Deleted !! : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
127.0.0.1 localhost
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
Deleted : HKLM\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Scheduled Update for Ask Toolbar
Deleted : HKCR\interface\{039b7df6-3103-48f0-bd6f-24291bc7e637}
Deleted : HKCR\interface\{1bd69f2f-96b4-41b3-accf-c46ed55e3a58}
Deleted : HKCR\interface\{2194682f-acb0-45ce-b900-3fcd2d13bfb5}
Deleted : HKCR\interface\{24d4e9fc-5097-483b-b0fe-6e3ef28bff4a}
Deleted : HKCR\interface\{382be372-d636-451d-8fa8-54c51569ad88}
Deleted : HKCR\interface\{3a60359d-0eb2-4437-ad15-a08bee794c14}
Deleted : HKCR\interface\{46902815-1008-40c8-ba07-4f3d2276e6d2}
Deleted : HKCR\interface\{777421f7-878b-426e-b7f7-593cbe6b543d}
Deleted : HKCR\interface\{777421f7-878b-426e-b7f7-593cbe6b543f}
Deleted : HKCR\interface\{7876dc2b-dd2e-48d3-b182-6e261698aadb}
Deleted : HKCR\interface\{9b7984e0-1b06-434d-a233-5323ab08f05f}
Deleted : HKCR\interface\{a0f36689-35ea-4b9b-8b16-2236b0581557}
Deleted : HKCR\interface\{b1ce34ce-dfa2-4a5e-a99a-5fdef5021994}
Deleted : HKCR\interface\{ce9cc21b-4f0c-4da5-9a2b-cb4d6a631228}
Deleted : HKCR\interface\{e0778c77-10e3-4ab3-9077-fe845de401b4}
Deleted : HKCR\interface\{e5b630a9-c1e3-42f3-b58b-9afa3662c010}
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
InternetSettingsDisableNotify = 0 (0x0)
AutoUpdateDisableNotify = 0 (0x0)
UacDisableNotify = 0 (0x0)
AntispywareOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
Ndisuio -> Start = 3
EapHost -> Start = 2
Wlansvc -> Start = 2
SharedAccess -> Start = 2
windefend -> Start = 2
wuauserv -> Start = 2
wscsvc -> Start = 2
¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
Shell = explorer.exe
Userinit = C:\Windows\System32\userinit.exe,
System =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
FEATURE_BROWSER_EMULATION | svchost :
====================================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6001 Disk: SAMSUNG_ rev.2SS0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x81ED7FEF] -> \Device\Harddisk0\DR0[0x8555D120]
3 CLASSPNP[0x881A6745] -> ntkrnlpa!IofCallDriver[0x81ED7FEF] -> [0x84A38E80]
5 acpi[0x806956A0] -> ntkrnlpa!IofCallDriver[0x81ED7FEF] -> \Device\Ide\IAAStorageDevice-0[0x84A3E028]
kernel: MBR read successfully
user & kernel MBR OK
End of Scan : 16:53:08
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
http://www.cijoint.fr/cjlink.php?file=cj201102/cij3nbsWqh.zip
Merci de réprendre c'est cool.
OTL bloque sur l'analyse tcpip.
Dans le titre de la fenêtre s'affiche entre parenthèse (ne répond pas)
OTL bloque sur l'analyse tcpip.
Dans le titre de la fenêtre s'affiche entre parenthèse (ne répond pas)
Erratum, en fait il s'est débloqué au bout d'un moment.
Voici le rapport :
http://www.cijoint.fr/cjlink.php?file=cj201102/cij3EBsdzL.txt
Voici le rapport :
http://www.cijoint.fr/cjlink.php?file=cj201102/cij3EBsdzL.txt
ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !!
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous "Personnalisation" :
le texte au bout de ce lien : http://www.cijoint.fr/cj201102/cijMMbzVRl.txt
▶ Clique sur "Correction" pour lancer la suppression.
▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.
G3?-?@¢??@?......Concepteur de List_Kill'em...
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous "Personnalisation" :
le texte au bout de ce lien : http://www.cijoint.fr/cj201102/cijMMbzVRl.txt
▶ Clique sur "Correction" pour lancer la suppression.
▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.
G3?-?@¢??@?......Concepteur de List_Kill'em...
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ef79f67a-6ad7-4715-a0f8-932fca442023} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}\ not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-509749745-294339050-457649351-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ef79f67a-6ad7-4715-a0f8-932fca442023} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}\ not found.
HKU\S-1-5-21-509749745-294339050-457649351-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-509749745-294339050-457649351-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww25.custom-search-fr.com/" removed from browser.startup.homepage
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ef79f67a-6ad7-4715-a0f8-932fca442023} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}\ not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_USERS\S-1-5-21-509749745-294339050-457649351-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\Bags sign deleted successfully.
Registry value HKEY_USERS\S-1-5-21-509749745-294339050-457649351-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\vc log bows face deleted successfully.
Registry value HKEY_USERS\S-1-5-21-509749745-294339050-457649351-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\warn default inter for deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd44bcec-455a-11de-9fac-001b24e91747}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd44bcec-455a-11de-9fac-001b24e91747}\ not found.
File E:\__DTMEDIA\DTMedia.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
========== FILES ==========
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\searchplugin folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\META-INF folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\lib folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\defaults folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\components folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\chrome folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023} folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\support@predictad.com\defaults\preferences folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\support@predictad.com\defaults folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\support@predictad.com\chrome\content folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\support@predictad.com\chrome folder moved successfully.
Folder move failed. C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\support@predictad.com scheduled to be moved on reboot.
File\Folder C:\USERS\MARLèNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W61GEAXT.DEFAULT\EXTENSIONS\SUPPORT@PREDICTAD.COM not found.
ADS C:\ProgramData\TEMP:C30487EE deleted successfully.
ADS C:\ProgramData\TEMP:3086B95F deleted successfully.
ADS C:\ProgramData\TEMP:4F7FE589 deleted successfully.
ADS C:\ProgramData\TEMP:B1786630 deleted successfully.
ADS C:\ProgramData\TEMP:206470A5 deleted successfully.
ADS C:\ProgramData\TEMP:C7F08EA3 deleted successfully.
ADS C:\ProgramData\TEMP:C22674B6 deleted successfully.
ADS C:\ProgramData\TEMP:57B2B96C deleted successfully.
ADS C:\ProgramData\TEMP:0696EC8E deleted successfully.
ADS C:\ProgramData\TEMP:225CD7D5 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\TEMP:124B94C0 deleted successfully.
ADS C:\ProgramData\TEMP:E32966C0 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Marlène
->Temp folder emptied: 63940968 bytes
->Temporary Internet Files folder emptied: 287148279 bytes
->Java cache emptied: 82508588 bytes
->FireFox cache emptied: 45714772 bytes
->Flash cache emptied: 17394 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49810 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 10970873 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 468,00 mb
OTL by OldTimer - Version 3.2.20.6 log created on 02182011_190507
Files\Folders moved on Reboot...
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\support@predictad.com folder moved successfully.
Registry entries deleted on Reboot...
Voici le rapport de OTL après redémarrage :
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ef79f67a-6ad7-4715-a0f8-932fca442023} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}\ not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-509749745-294339050-457649351-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ef79f67a-6ad7-4715-a0f8-932fca442023} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}\ not found.
HKU\S-1-5-21-509749745-294339050-457649351-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-509749745-294339050-457649351-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww25.custom-search-fr.com/" removed from browser.startup.homepage
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ef79f67a-6ad7-4715-a0f8-932fca442023} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}\ not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_USERS\S-1-5-21-509749745-294339050-457649351-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\Bags sign deleted successfully.
Registry value HKEY_USERS\S-1-5-21-509749745-294339050-457649351-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\vc log bows face deleted successfully.
Registry value HKEY_USERS\S-1-5-21-509749745-294339050-457649351-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\warn default inter for deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd44bcec-455a-11de-9fac-001b24e91747}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd44bcec-455a-11de-9fac-001b24e91747}\ not found.
File E:\__DTMEDIA\DTMedia.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
========== FILES ==========
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\searchplugin folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\META-INF folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\lib folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\defaults folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\components folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\chrome folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023} folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\support@predictad.com\defaults\preferences folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\support@predictad.com\defaults folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\support@predictad.com\chrome\content folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\support@predictad.com\chrome folder moved successfully.
Folder move failed. C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\support@predictad.com scheduled to be moved on reboot.
File\Folder C:\USERS\MARLèNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W61GEAXT.DEFAULT\EXTENSIONS\SUPPORT@PREDICTAD.COM not found.
ADS C:\ProgramData\TEMP:C30487EE deleted successfully.
ADS C:\ProgramData\TEMP:3086B95F deleted successfully.
ADS C:\ProgramData\TEMP:4F7FE589 deleted successfully.
ADS C:\ProgramData\TEMP:B1786630 deleted successfully.
ADS C:\ProgramData\TEMP:206470A5 deleted successfully.
ADS C:\ProgramData\TEMP:C7F08EA3 deleted successfully.
ADS C:\ProgramData\TEMP:C22674B6 deleted successfully.
ADS C:\ProgramData\TEMP:57B2B96C deleted successfully.
ADS C:\ProgramData\TEMP:0696EC8E deleted successfully.
ADS C:\ProgramData\TEMP:225CD7D5 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\TEMP:124B94C0 deleted successfully.
ADS C:\ProgramData\TEMP:E32966C0 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Marlène
->Temp folder emptied: 63940968 bytes
->Temporary Internet Files folder emptied: 287148279 bytes
->Java cache emptied: 82508588 bytes
->FireFox cache emptied: 45714772 bytes
->Flash cache emptied: 17394 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49810 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 10970873 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 468,00 mb
OTL by OldTimer - Version 3.2.20.6 log created on 02182011_190507
Files\Folders moved on Reboot...
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\support@predictad.com folder moved successfully.
Registry entries deleted on Reboot...
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ef79f67a-6ad7-4715-a0f8-932fca442023} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}\ not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-509749745-294339050-457649351-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ef79f67a-6ad7-4715-a0f8-932fca442023} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}\ not found.
HKU\S-1-5-21-509749745-294339050-457649351-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-509749745-294339050-457649351-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww1.custom-search-fr.com/" removed from browser.startup.homepage
Prefs.js: "http://ww25.custom-search-fr.com/" removed from browser.startup.homepage
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ef79f67a-6ad7-4715-a0f8-932fca442023} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}\ not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_USERS\S-1-5-21-509749745-294339050-457649351-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\Bags sign deleted successfully.
Registry value HKEY_USERS\S-1-5-21-509749745-294339050-457649351-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\vc log bows face deleted successfully.
Registry value HKEY_USERS\S-1-5-21-509749745-294339050-457649351-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\warn default inter for deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd44bcec-455a-11de-9fac-001b24e91747}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd44bcec-455a-11de-9fac-001b24e91747}\ not found.
File E:\__DTMEDIA\DTMedia.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
========== FILES ==========
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\searchplugin folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\META-INF folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\lib folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\defaults folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\components folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\chrome folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023} folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\support@predictad.com\defaults\preferences folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\support@predictad.com\defaults folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\support@predictad.com\chrome\content folder moved successfully.
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\support@predictad.com\chrome folder moved successfully.
Folder move failed. C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\support@predictad.com scheduled to be moved on reboot.
File\Folder C:\USERS\MARLèNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W61GEAXT.DEFAULT\EXTENSIONS\SUPPORT@PREDICTAD.COM not found.
ADS C:\ProgramData\TEMP:C30487EE deleted successfully.
ADS C:\ProgramData\TEMP:3086B95F deleted successfully.
ADS C:\ProgramData\TEMP:4F7FE589 deleted successfully.
ADS C:\ProgramData\TEMP:B1786630 deleted successfully.
ADS C:\ProgramData\TEMP:206470A5 deleted successfully.
ADS C:\ProgramData\TEMP:C7F08EA3 deleted successfully.
ADS C:\ProgramData\TEMP:C22674B6 deleted successfully.
ADS C:\ProgramData\TEMP:57B2B96C deleted successfully.
ADS C:\ProgramData\TEMP:0696EC8E deleted successfully.
ADS C:\ProgramData\TEMP:225CD7D5 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\TEMP:124B94C0 deleted successfully.
ADS C:\ProgramData\TEMP:E32966C0 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Marlène
->Temp folder emptied: 63940968 bytes
->Temporary Internet Files folder emptied: 287148279 bytes
->Java cache emptied: 82508588 bytes
->FireFox cache emptied: 45714772 bytes
->Flash cache emptied: 17394 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49810 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 10970873 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 468,00 mb
OTL by OldTimer - Version 3.2.20.6 log created on 02182011_190507
Files\Folders moved on Reboot...
C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\w61geaxt.default\extensions\support@predictad.com folder moved successfully.
Registry entries deleted on Reboot...
J'ai été obligé de le mettre en .txt car en .log, ni ci-joint.fr, ni le forum n'acceptaient de le prendre.
http://www.cijoint.fr/cjlink.php?file=cj201102/cijKrRfsL7.txt
http://www.cijoint.fr/cjlink.php?file=cj201102/cijKrRfsL7.txt
bien
fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.
▶ Télécharge ici :
Malwarebytes
▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX
▶ Potasses le Tuto pour te familiariser avec le prg :
( cela dit, il est très simple d'utilisation ).
relance malwarebytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
▶ Lance Malwarebyte's .
Fais un examen dit "Complet" .
▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
▶ Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
▶ Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
▶ Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.
▶ Télécharge ici :
Malwarebytes
▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX
▶ Potasses le Tuto pour te familiariser avec le prg :
( cela dit, il est très simple d'utilisation ).
relance malwarebytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
▶ Lance Malwarebyte's .
Fais un examen dit "Complet" .
▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
▶ Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
▶ Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
▶ Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
voici le rapport de Malwarebytes
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 5802
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19019
18/02/2011 22:08:54
mbam-log-2011-02-18 (22-08-54).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 234006
Temps écoulé: 54 minute(s), 4 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\g043oqxanu (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\program files\ad-remover\quarantine\C\program files\fast browser search\IE\searchguardplus.exe.vir (PUP.Fbsearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\fast browser search\IE\update.exe.vir (PUP.Fbsearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\search guard plus\searchguardplus.exe.vir (PUP.Fbsearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\Users\Marlène\AppData\Roaming\desktopicon\ebayshortcuts.exe.vir (Adware.ADON) -> Quarantined and deleted successfully.
c:\program files\alwil software\Avast4\DATA\moved\yrbbppqzna[1].htm.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\list_kill'em\Upl.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\Marlène\downloads\everest poker.fr.exe (PUP.Casino) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 5802
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19019
18/02/2011 22:08:54
mbam-log-2011-02-18 (22-08-54).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 234006
Temps écoulé: 54 minute(s), 4 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\g043oqxanu (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\program files\ad-remover\quarantine\C\program files\fast browser search\IE\searchguardplus.exe.vir (PUP.Fbsearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\fast browser search\IE\update.exe.vir (PUP.Fbsearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\search guard plus\searchguardplus.exe.vir (PUP.Fbsearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\Users\Marlène\AppData\Roaming\desktopicon\ebayshortcuts.exe.vir (Adware.ADON) -> Quarantined and deleted successfully.
c:\program files\alwil software\Avast4\DATA\moved\yrbbppqzna[1].htm.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\list_kill'em\Upl.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\Marlène\downloads\everest poker.fr.exe (PUP.Casino) -> Quarantined and deleted successfully.