How to remove the Trojan virus
Solved
vitsou
Hello,
I have been infected for some time by Trojan viruses:
Trojan Generic 7742055
Trojan Dropper Sirefef O
Trojan Dropper Sirefef HU
Trojan Dropper Sirefef HT, etc.
My PC is protected by Bitdefender Internet Security 2010, which has not been able to prevent the viruses from implanting but displays a message every 3 to 4 minutes indicating that it has removed them. There are no other visible symptoms for now, except for a certain slowdown at times.
Do you have a solution?
Thank you in advance.
Configuration: Windows XP SP3
18 replies
Hello
- Download the TDSSKiller utility (from Kaspersky) to your Desktop.
https://support.kaspersky.com/downloads/utils/tdsskiller.zip
* Run TDSSKiller.exe
  - On XP, double-click the icon to launch the tool.
  - On Vista/Seven, right-click the icon and choose "Run as administrator" from the context menu.
* Click on Start scan.
* Let the tool scan your system without interrupting it and without using the PC.
* Keep the default action proposed by the tool
  - If TDSS.tdl2: the Delete option will be checked.
  - If TDSS.tdl3 or TDSS.tdl4: make sure Cure is checked.
  - If "Suspicious object": keep the option checked on Skip.
  - If Rootkit.Win32.ZAccess.* is detected, set to cure at the top, and delete at the bottom.
* Click on Continue, then on Reboot now if a restart is suggested.
* The report is located at the root of the main disk: C:\TDSSKiller.version_number_date_time_log.txt
--
The brain has such amazing capabilities that today practically everyone has one
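The report named in the last step is long, so reading it by eye is error-prone. The following is an added example, not part of the thread and not Kaspersky code: it pairs each `[ MD5 ] name path` line with its `name - verdict` line, lists every object whose verdict is not `ok`, and reports whether the file is cut off, since an incomplete report cannot show a clean scan. The function names, the sample lines and the non-`ok` verdict word are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every report line starts with "HH:MM:SS.mmmm <thread id>".
PREFIX_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4})\s+(\d+)\s*(.*)$")
# File line: "[ <32 hex chars> ] <object name> <drive-letter path>".
FILE_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")

MD5_A = "ab" * 16  # constructed placeholder hashes, not real file hashes
MD5_B = "cd" * 16

# Constructed sample in the report's layout. "suspicious" is a placeholder
# verdict word chosen for this example, not a string taken from the tool.
SAMPLE_REPORT = rf"""
21:02:47.0205 5292 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200
21:03:57.0033 4296 Scan started
21:03:57.0033 4296 Mode: Manual;
21:03:57.0673 4296 ================ Scan system memory ========================
21:03:57.0689 4296 System memory - ok
21:03:57.0689 4296 ================ Scan services =============================
21:03:57.0798 4296 Abiosdsk - ok
21:03:57.0830 4296 [ {MD5_A} ] exampledrv C:\WINDOWS\system32\drivers\exampledrv.sys
21:03:57.0908 4296 exampledrv - ok
21:03:58.0095 4296 [ {MD5_B} ] Example Svc C:\Program Files\Example\svc.exe
21:03:58.0111 4296 Example Svc - suspicious
21:03:58.0200 4296 [
"""


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_report(text: str) -> Tuple[List[Entry], bool]:
    """Return (scanned objects, truncated?) for a TDSSKiller-style report."""
    entries: List[Entry] = []
    pending = None      # (name, md5, path) from a file line awaiting its verdict
    in_scan = False     # drive/partition lines before the scan also contain " - "
    truncated = False
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(3).strip()
        if body == "Scan started":
            in_scan = True
            continue
        if not in_scan or not body or body.startswith("="):
            continue
        f = FILE_RE.match(body)
        if f:
            pending = (f.group(2), f.group(1), f.group(3))
            continue
        if body.startswith("["):
            truncated = True   # file line cut off before hash/name/path completed
            continue
        name, sep, verdict = body.partition(" - ")
        if not sep:
            continue           # e.g. "Mode: Manual;"
        entry = Entry(name.strip(), verdict.strip())
        if pending and pending[0] == entry.name:
            entry.md5, entry.path = pending[1], pending[2]
        pending = None
        entries.append(entry)
    # A file line with no verdict after it also means the report was cut short.
    return entries, truncated or pending is not None


def triage(text: str) -> dict:
    """Summarise a report: objects checked, non-ok objects, completeness."""
    entries, truncated = parse_report(text)
    flagged = [e for e in entries if e.verdict.lower() != "ok"]
    return {"checked": len(entries), "flagged": flagged, "complete": not truncated}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"objects checked: {result['checked']}, complete: {result['complete']}")
    for e in result["flagged"]:
        print(f"REVIEW {e.name}: {e.verdict} md5={e.md5} path={e.path}")
```
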
Thank you for the response.
TDSSKiller apparently found nothing and did not reboot the PC.
Here is the report:
21:04:02.0595 4296 FontCache3.0.0.0 - ok
21:04:02.0642 4296 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:04:02.0642 4296 Fs_Rec - ok
21:04:02.0658 4296 [ A86859B77B908C18C2657F284AA29FE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:04:02.0705 4296 Ftdisk - ok
21:04:02.0767 4296 [ DA1485749B785ADCEB421874F5F3405B ] FTRTSVC C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
21:04:02.0783 4296 FTRTSVC - ok
21:04:02.0814 4296 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:04:02.0830 4296 Gpc - ok
21:04:02.0986 4296 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:04:02.0986 4296 gupdate - ok
21:04:02.0986 4296 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:04:02.0986 4296 gupdatem - ok
21:04:03.0048 4296 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:04:03.0048 4296 gusvc - ok
21:04:03.0095 4296 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:04:03.0095 4296 HDAudBus - ok
21:04:03.0236 4296 [ 1247F83B705AF0E796330442F7967CF8 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:04:03.0251 4296 helpsvc - ok
21:04:03.0298 4296 [ A3B9B4A68BC839CE5A264D5908092261 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:04:03.0298 4296 HidServ - ok
21:04:03.0345 4296 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:04:03.0361 4296 HidUsb - ok
21:04:03.0392 4296 [ 17B3C3D40CDBA40C2E331D28BE4DE27F ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:04:03.0408 4296 hkmsvc - ok
21:04:03.0408 4296 hpn - ok
21:04:03.0533 4296 [ F50F7984FDD151EDD8A70A8DBD9E2A44 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:04:03.0548 4296 hpqcxs08 - ok
21:04:03.0564 4296 [ DF446BA625CC441617843E87798CE048 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:04:03.0564 4296 hpqddsvc - ok
21:04:03.0595 4296 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:04:03.0611 4296 HPZid412 - ok
21:04:03.0642 4296 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:04:03.0642 4296 HPZipr12 - ok
21:04:03.0658 4296 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:04:03.0673 4296 HPZius12 - ok
21:04:03.0705 4296 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:04:03.0720 4296 HTTP - ok
21:04:03.0767 4296 [ BD31CFACE38D1800ABDB43F4260AF0D5 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:04:03.0783 4296 HTTPFilter - ok
21:04:03.0783 4296 i2omgmt - ok
21:04:03.0783 4296 i2omp - ok
21:04:03.0814 4296 [ A09BDC4ED10E3B2E0EC27BB94AF32516 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:04:03.0830 4296 i8042prt - ok
21:04:03.0876 4296 [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
21:04:03.0892 4296 i81x - ok
21:04:03.0939 4296 [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0 C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
21:04:03.0955 4296 iAimFP0 - ok
21:04:03.0955 4296 [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1 C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
21:04:03.0970 4296 iAimFP1 - ok
21:04:03.0970 4296 [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2 C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
21:04:03.0986 4296 iAimFP2 - ok
21:04:03.0986 4296 [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3 C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
21:04:04.0017 4296 iAimFP3 - ok
21:04:04.0017 4296 [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4 C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
21:04:04.0033 4296 iAimFP4 - ok
21:04:04.0033 4296 [ 0308AEF61941E4AF478FA1A0F83812F5 ] iAimFP5 C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
21:04:04.0048 4296 iAimFP5 - ok
21:04:04.0048 4296 [ 714038A8AA5DE08E12062202CD7EAEB5 ] iAimFP6 C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
21:04:04.0080 4296 iAimFP6 - ok
21:04:04.0080 4296 [
I did not find the options you mentioned in your message.
Normally TDSSkiller found nothing ;)
/!\ Attention to those who pass by this topic /!\
The following software should not be used lightly and can cause damage if misused! Only do it if a helper from the forum who knows this tool well has recommended it to you.
/!\ Disable all your protection software (Antivirus, Antispywares) /!\
* Download ComboFix (by sUBs) to your Desktop.
* Double-click on ComboFix.exe to launch it.
* It will ask you to install the recovery console: accept. (important in case of problems)
/!\ Do not touch the mouse or keyboard during the scan /!\
* When the search is complete, a report will appear.
* Host the report C:\Combofix.txt on the website pjjoint.malekal.com or cijoint.fr or toofiles then copy/paste the link provided in your next reply on the forum
#If ComboFix does not want to launch, rename it to ccm.exe and run it in safe mode.
Official ComboFix tutorial: Tuto Combofix
--
The brain has such amazing capabilities that today practically everyone has one.
I had to launch Safe Mode for ComboFix to run completely.
However, it still detects Bitdefender and asks me to disable it before proceeding, at my own risk.
I had exited my normal session leaving Bitdefender in "Game" mode.
I don't see any other way to disable it.
Thank you.
In safe mode, your antivirus is disabled.
It may be that the infection indicates Bitdefender is activated to prevent its execution.
Conclusion ===> Launch Combo in safe mode and don't pay attention to the program's messages.
--
The brain has such amazing capabilities that practically everyone has one today.
To create the recovery console, the message indicates that it must have internet access, but I launched safe mode (simple).
What should I do?
Answer yes even if I don't have a network, or answer no and relaunch ComboFix after restarting in safe mode with networking?
Thank you again.
Start in Safe Mode with Network Support.
--
The brain has such amazing capabilities that today practically everyone has one.
I'm back.
Combo was launched without a network so I had to continue without being able to install the recovery console.
Here is the link to the txt file: https://pjjoint.malekal.com/files.php?id=20120919_m6i14l10m9r7
I restarted normally and I'm keeping my fingers crossed; no alerts from Bitdefender have appeared yet.
Should I install the recovery console manually or should I uninstall Combofix?
Thank you again for your patience.
Best regards.
To do in order
Should I install the recovery console manually or should I uninstall Combofix?
To remove Combofix.
*Click on Start >> Run ...
*Now, type or copy/paste ComboFix /uninstall and click OK. (make sure there's a space between combofix and /).
*You will feel like Combofix is starting, but in reality, it will self-destruct :-)
===================================================
* Download AdwCleaner to your Desktop. (Thanks to Xplode)
*Double-click the AdwCleaner icon located on your Desktop.
*On the page, click the "Delete" button
*Let the tool work.
*Post the report that appears at the end.
(The report is also saved under C:\ AdwCleaner[SX].Txt)
=================================================
* Download and install: Malwarebytes' Anti-Malware
* At the end of the installation, make sure the option "update Malwarebytes' Anti-Malware" is checked
* Run MBAM and let the Updates download (otherwise do it manually when starting the program)
* Then go to the "Scan" tab, check "Perform a full scan" then "Search"
* Select your hard drives and then click on "Start Scan"
* At the end of the scan, click on View results
* Check all detected items and then click on Delete selection
* Save the report
* If prompted to restart, click Yes
* Post the scan report after the deletion here. (post the report, even if nothing is detected.)
* If you need help, check this tutorial
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
--
The brain has such amazing capabilities that today almost everyone has one.
Here's the report from AdwCleaner:
# AdwCleaner v2.002 - Report created on 09/19/2012 at 23:27:30
# Updated on 09/16/2012 by Xplode
# Operating System: Microsoft Windows XP Service Pack 3 (32 bit)
# Username: Administrator - HP20592287362
# Boot Mode: Safe Mode with Networking
# Executed from: C:\Documents and Settings\Administrator\Desktop\TOOLS\adwcleaner.exe
# Option [Removal]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted: C:\Documents and Settings\Administrator\Application Data\Babylon
Folder Deleted: C:\Documents and Settings\Administrator\Application Data\BabylonToolbar
Folder Deleted: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oeh0nd43.default\Conduit
Folder Deleted: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oeh0nd43.default\ConduitEngine
Folder Deleted: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oeh0nd43.default\CT2849852
Folder Deleted: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oeh0nd43.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}
Folder Deleted: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oeh0nd43.default\extensions\engine@conduit.com
Folder Deleted: C:\Documents and Settings\Administrator\Local Settings\Application Data\Babylon
Folder Deleted: C:\Documents and Settings\Administrator\Local Settings\Application Data\BittorrentBar_FR
Folder Deleted: C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
Folder Deleted: C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted: C:\Documents and Settings\All Users\Menu Start\Programs\Babylon
Folder Deleted: C:\Program Files\Babylon
Folder Deleted: C:\Program Files\BabylonToolbar
Folder Deleted: C:\Program Files\BittorrentBar_FR
Folder Deleted: C:\Program Files\Conduit
File Deleted: C:\Documents and Settings\All Users\Desktop\Babylon.lnk
File Deleted: C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted: C:\WINDOWS\system32\conduitEngine.tmp
***** [Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Restored: [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored: [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored: [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored: [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored: [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\\ Mozilla Firefox v9.0.1 (fr)
Profile Name: default
File: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oeh0nd43.default\prefs.js
Deleted: user_pref("ConduitEngine.FirstTime", true);
Deleted: user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted: user_pref("ConduitEngine.FixPageNotFoundErrors", false);
Deleted: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted: user_pref("ConduitEngine.Initialize", true);
Deleted: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted: user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
Deleted: user_pref("ConduitEngine.InstalledDate", "Sat Nov 12 2011 02:01:10 GMT+0100");
Deleted: user_pref("ConduitEngine.IsMulticommunity", false);
Deleted: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted: user_pref("ConduitEngine.IsOpenUninstallPage", false);
Deleted: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Nov 12 2011 02:01:10 GMT+0100");
Deleted: user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sat Nov 12 2011 02:01:11 GMT+0100");
Deleted: user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted: user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Deleted: user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Nov 12 2011 02:01:08 GMT+0100");
Deleted: user_pref("ConduitEngine.UserID", "UN17035386422776466");
Deleted: user_pref("ConduitEngine.engineLocale", "fr");
Deleted: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Nov 12 2011 02:01:10 GMT+0100");
Deleted: user_pref("ConduitEngine.initDone", true);
Deleted: user_pref("browser.babylon.HPOnNewTab", "1");
Deleted: user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...]
Deleted: user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted: user_pref("extensions.BabylonToolbar.cntry", "FR");
Deleted: user_pref("extensions.BabylonToolbar.firstRun", false);
Deleted: user_pref("extensions.BabylonToolbar.hdrMd5", "EAF95E58768598F68F18604F6DD19884");
Deleted: user_pref("extensions.BabylonToolbar.lastActv", "12");
*************************
AdwCleaner[S1].txt - [23512 bytes] - [09/19/2012 23:27:30]
########## EOF - C:\AdwCleaner[S1].txt - [23573 bytes] ##########
Then here's the report from Malwarebytes Anti-Malware:
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database Version: v2012.09.19.12
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Network)
Internet Explorer 8.0.6001.18702
Administrator :: HP20592287362 [administrator]
Protection: Disabled
09/19/2012 23:45:11
mbam-log-2012-09-19 (23-45-11).txt
Scan type: Full Scan (C:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristic/Extra | Heuristic/Shuriken | PUP | PUM
Scan options disabled: P2P
Items scanned: 295231
Time elapsed: 27 minute(s), 18 second(s)
Memory processes detected: 0
(No harmful items detected)
Modules detected:
If you wish, we can check with a complete analysis of your hard drive.
* Download ZHPDiag (by Nicolas Coolman).
or
ZHPDiag
or
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
Or the backup FTP link:
ftp://zebulon.fr/ZHPDiag2.exe
***********************
/!\ Windows Vista and 7 users: Right-click on the ZHPDiag.exe logo (scroll icon), run as Administrator /!\
* Follow the prompts during installation
* It will launch automatically at the end of the installation
* Click on the icon representing a magnifying glass (“Start the diagnosis”)
* Save the report on your Desktop using the icon representing a floppy disk
* Upload the ZHPDiag.txt report to pjjoint.malekal.com or cijoint.fr or toofiles then copy/paste the link provided in your next response on the forum
--
The brain has such astonishing capabilities that today practically everyone has one.
Good evening
Here is the text file from ZHPDiag:
https://pjjoint.malekal.com/files.php?id=ZHPDiag_20120920_m9x6y12d14g5
Best regards
2/ Launch ZHPFix (either via the shortcut on your Desktop, or via ZHPDiag)
3/ Click on the icon representing the letter H (“paste the Helper lines”)
----------------------------------------------------------
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} Orphan key
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} Orphan key
O2 - BHO: (no name) - {ef79f67a-6ad7-4715-a0f8-932fca442023} Orphan key
O69 - SBI: prefs.js [Administrateur - oeh0nd43.default] user_pref("extensions.enabledItems", "engine@conduit.com:3.2.5.2,{ef79f67a-6ad7-4715-a0f8-932fca442023}:3.2.5.2,{20a82645-c095-46e[...]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ef79f67a-6ad7-4715-a0f8-932fca442023}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ef79f67a-6ad7-4715-a0f8-932fca442023}]
EmptyTemp
FirewallRaz
--------------------------------------------------------
- Click on the “GO” button to start the cleaning,
- Copy/paste the entire report into your next reply
--
The brain has such astonishing capabilities that today practically everyone has one.
Hello
Here is the report:
ZHPFix Report 1.2.09 by Nicolas Coolman, Updated on 01/09/2012
Export Registry file: C:\ZHP\ZHPExportRegistry-21-09-2012-16-50-54.txt
Run by Administrator at 21/09/2012 16:50:54
Windows XP Professional Service Pack 3 (Build 2600)
Website: http://www.premiumorange.com/zeb-help-process/zhpfix.html
Website: http://nicolascoolman.skyrock.com/
========== Registry Key(s) ==========
DELETE Key*: CLSID BHO: {2EECD738-5844-4a99-B4B6-146BF802613B}
DELETE Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}
DELETE Key*: CLSID BHO: {243B17DE-77C7-46BF-B94B-0B5F309A0E64}
DELETE Key*: CLSID BHO: {ef79f67a-6ad7-4715-a0f8-932fca442023}
ABSENT Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
DELETE Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ef79f67a-6ad7-4715-a0f8-932fca442023}
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ef79f67a-6ad7-4715-a0f8-932fca442023}
========== Registry Value(s) ==========
ABSENT IFC: [FEATURE_BROWSER_EMULATION] svchost.exe
DELETE FirewallRaz (SP): %windir%\system32\sessmgr.exe
DELETE FirewallRaz (DP): %windir%\system32\sessmgr.exe
No value present in the registry exception key (FirewallRaz)
========== Registry Data Item(s) ==========
DELETE R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
========== Browser Preferences ==========
ABSENT Mozilla Pref: user_pref("extensions.enabledItems", "engine@conduit.com:3.2.5.2,{ef79f67a-6ad7-4715-a0f8-932fca442023}:3.2.5.2,{20a82645-c095-46e[...]
========== Folder(s) ==========
DELETE Windows Temporary:
========== File(s) ==========
DELETE Windows Temporary:
========== Summary ==========
8: Registry Key(s)
4: Registry Value(s)
1: Registry Data Item(s)
1: Folder(s)
1: File(s)
1: Browser Preferences
End of clean in 00min 01s
========== Report file path ==========
C:\ZHP\ZHPFix[R1].txt - 21/09/2012 16:50:54 [2187]
Sincerely
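As an added example (not part of the thread and not ZHPFix's own code), this Python tallies the DELETE/ABSENT lines in each section of the report posted above and compares each section's line count with the Summary block. The header and summary layout are inferred from this one report, and `parse_report` and `mismatches` are names chosen here.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the ZHPFix report posted above (two sections plus their summary lines).
REPORT = r"""========== Registry Key(s) ==========
DELETE Key*: CLSID BHO: {2EECD738-5844-4a99-B4B6-146BF802613B}
DELETE Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}
DELETE Key*: CLSID BHO: {243B17DE-77C7-46BF-B94B-0B5F309A0E64}
DELETE Key*: CLSID BHO: {ef79f67a-6ad7-4715-a0f8-932fca442023}
ABSENT Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
DELETE Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ef79f67a-6ad7-4715-a0f8-932fca442023}
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ef79f67a-6ad7-4715-a0f8-932fca442023}
========== Registry Value(s) ==========
ABSENT IFC: [FEATURE_BROWSER_EMULATION] svchost.exe
DELETE FirewallRaz (SP): %windir%\system32\sessmgr.exe
DELETE FirewallRaz (DP): %windir%\system32\sessmgr.exe
No value present in the registry exception key (FirewallRaz)
========== Summary ==========
8: Registry Key(s)
4: Registry Value(s)
"""
HEADER = re.compile(r"^=+ (.+?) =+$")  # assumed header shape: "===== Name ====="

def parse_report(text):
    """Return (per-section status tallies, summary counts) from a ZHPFix report."""
    tallies, summary, section = defaultdict(Counter), {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = HEADER.match(line)
        if m:
            section = m.group(1)
        elif section == "Summary":
            count, _, name = line.partition(": ")
            if count.isdigit():  # skips trailers such as "End of clean in ..."
                summary[name] = int(count)
        elif section:
            status = line.split()[0]
            tallies[section][status if status in ("DELETE", "ABSENT") else "OTHER"] += 1
    return tallies, summary

def mismatches(tallies, summary):
    """Sections whose line count differs from the Summary: {name: (seen, stated)}."""
    return {s: (sum(tallies[s].values()), n) for s, n in summary.items()
            if sum(tallies[s].values()) != n}

if __name__ == "__main__":
    tallies, summary = parse_report(REPORT)
    print({k: dict(v) for k, v in tallies.items()}, "mismatches:", mismatches(tallies, summary))
```

An ABSENT line means the requested key or value was not found at cleanup time, so a high ABSENT count is worth checking against the script that was pasted in.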
Your PC is now clean.
Here are some tips.
* To browse the internet more securely and block ads, I highly recommend that you install and use the Firefox browser. Once that's done, launch it and install the following security extension to block ads: Adblock Plus
* WOT - Extension for your internet browser:
Here is an extension to download that will allow you, while searching on Google, to know if the proposed site is a trustworthy site or a site to avoid because it could infect your PC:
For Firefox: https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/
For Internet Explorer: https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp
=============================================
Java is not up to date, it's a security vulnerability.
1. First, you need to uninstall the old version.
2. Open the start menu
3. Click on Control Panel
4. Go to Add/Remove Programs
5. Select all versions of Java present and uninstall them.
6. Then, download and install the new version of Java (do not install the toolbar offered during the installation)
==============================================
You also need to update all your other programs to fill security gaps... Check for available updates using this small program (choose the version without installation): Update Checker https://www.commentcamarche.net/faq/9908-filehippo-app-manager-vos-logiciels-sont-ils-a-jour
Install it with the default settings by clicking Next each time.
Once installed, wait a few seconds and you will see a green icon in your taskbar indicating that updates are available.
Double-click the icon to be redirected to the updates download site.
* One piece of advice: do not install BETA
===============================================
To remove disinfecting programs.
* Download: DelFix to your desktop.
* Run it, click Remove.
* Wait during the scan until the report opens.
* Post the contents of the report in your next response on the forum.
* Note: The report is located under C:\DelFixSearch.
===============================================
Disable and re-enable System Restore under Windows XP.
Doing this will remove any viruses that may have been stored in the restore points you created earlier. It is therefore recommended to do this:
[1] In the Windows taskbar, click Start.
[2] Right-click on My Computer then click Properties.
[3] In the System Restore tab, check "Disable System Restore"
[4] Click Apply.
[5] Then uncheck "Disable System Restore"
[6] Click Apply then OK
[7] Go create a restore point by clicking on Start => All Programs => Accessories => System Tools => System Restore => Create a Restore Point => you put a name: (example: end of disinfection) then you validate.
[8] Remember to empty the recycle bin.
==================================================
Beware of misconceptions:
Never have two antivirus programs with real-time protection enabled, it's the best way to create conflicts. Multiple active antivirus programs can interfere with each other, and in the end, the PC you thought was more secure becomes a sieve...
Anti-spyware programs are useless, and don't forget that the best way to protect your computer is you!
================================================
You can mark your problem as resolved!! https://www.commentcamarche.net/infos/25917-forum-ccm-mode-d-emploi-marquer-mon-sujet-comme-resolu/
--
The brain has such amazing capabilities that today practically everyone has one.
Hello
Here is the Delfix report:
# DelFix v8.9 - Report created on 09/23/2012 at 17:58:39
# Updated on 07/27/12 by Xplode
# Operating System: Microsoft Windows XP Service Pack 3 (32-bit)
# Username: Administrator - HP20592287362 (Administrator)
# Executed from: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\82JVA6F2\DelFix-8.9[1].exe
# Option [Removal]
~~~~~~ Folder(s) ~~~~~~
Deleted: C:\ZHP
Deleted: C:\Documents and Settings\All Users\Start Menu\Programs\ZHP
Deleted: C:\Program Files\ZHPDiag
~~~~~~ File(s) ~~~~~~
Deleted: C:\AdwCleaner[S1].txt
Deleted: C:\ComboFix.txt
Deleted: C:\TDSSKiller.2.8.10.0_19.09.2012_21.02.43_log.txt
Deleted: C:\Documents and Settings\Administrator\Desktop\ZHPDiag.txt
Deleted: C:\Documents and Settings\Administrator\Desktop\ZHPFixReport.txt
Deleted: C:\Documents and Settings\All Users\Desktop\MBRCheck.lnk
Deleted: C:\Documents and Settings\All Users\Desktop\ZHPDiag.lnk
Deleted: C:\Documents and Settings\All Users\Desktop\ZHPFix.lnk
Deleted: C:\Documents and Settings\Administrator\My Documents\Downloads\AVENGERS 2012 DVDRIP FR PAL XVID .avi
~~~~~~ Registry ~~~~~~
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ZHP
Key Deleted: HKLM\SOFTWARE\AdwCleaner
Key Deleted: HKLM\SOFTWARE\Swearware
Key Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
~~~~~~ Other ~~~~~~
-> Prefetch Video
*************************
DelFix[S1].txt - [1567 bytes] - [09/23/2012 17:58:39]
########## EOF - C:\DelFix[S1].txt - [1691 bytes] ##########
Thank you again for everything.
Best regards