Recovery file à éliminer

Résolu
innovator22 Messages postés 37 Statut Membre -  
 g3n-h@ckm@n -
Bonjour,

J'ai fait les étapes décrites par Smart91 jusqu'à celui du diagnostic dans ZHPDiag
(https://forums.commentcamarche.net/forum/affich-25172750-smart-repair
Voici mon rapport ZHPDiag:
https://pjjoint.malekal.com/files.php?id=ZHPDiag_20121007_t13j12q10x10u11
Quelqu'un peut-il m'aider à terminer car j'ai retrouvé les documents, je n'ai plus le pop-up qui me dit que mon disque est infesté mais j'ai toujours l'écran noir en fond d'écran et mon PC en mode normal s'éteint systématiquement au bout de 4, 5 minutes (la fan tourne à plein régime juste avant que le PC s'éteigne subitement). Je pense donc que le virus n'est pas totalement éliminé ou alors j'ai d'autres problèmes que je ne comnais pas...
Merci de votre aide.

23 réponses

  • 1
  • 2
Résumé de la discussion

Un témoignage rapporte avoir suivi les étapes décrites jusqu'au diagnostic ZHPDiag et constate un écran noir en fond d'écran et un arrêt système après quelques minutes, suggérant une infection persistante.
Plusieurs contributions demandent les rapports MBAM et un topo des soucis restants afin de cibler les prochaines mesures, notamment les analyses complémentaires et les nettoyages à privilégier.
D'autres évoquent l'emploi d'outils comme AdwCleaner, des rapports OTL et la prudence lors des téléchargements, notamment au sujet de ComboFix et des alertes Avast liées à Firefox.
En toile de fond, des soucis pratiques comme l'impossibilité de télécharger certains outils (ex. ComboFix) dans certaines régions et la nécessité d'exécutions en tant qu'administrateur sont évoqués.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    bonjour,

    OK. poste tous les rapport MBAM ecc que t'as fait.
    0
    1. innovator22 Messages postés 37 Statut Membre
       
      Je n'ai fait qu'un rapport et en mode sans échec avec réseau car sinon le PC s'éteint et l examen ne se fait pas:

      Malwarebytes Anti-Malware (Essai) 1.65.0.1400
      www.malwarebytes.org

      Version de la base de données: v2012.10.07.02

      Windows 7 Service Pack 1 x86 NTFS (Mode sans échec/Réseau)
      Internet Explorer 9.0.8112.16421
      ib :: HP-4420S-IB [administrateur]

      Protection: Désactivé

      07/10/2012 3:12:28 PM
      mbam-log-2012-10-07 (15-12-28).txt

      Type d'examen: Examen complet (C:\|F:\|)
      Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
      Options d'examen désactivées: P2P
      Elément(s) analysé(s): 590700
      Temps écoulé: 1 heure(s), 11 minute(s), 8 seconde(s)

      Processus mémoire détecté(s): 0
      (Aucun élément nuisible détecté)

      Module(s) mémoire détecté(s): 0
      (Aucun élément nuisible détecté)

      Clé(s) du Registre détectée(s): 37
      HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Mis en quarantaine et supprimé avec succès.
      HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Mis en quarantaine et supprimé avec succès.
      HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Mis en quarantaine et supprimé avec succès.
      HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Mis en quarantaine et supprimé avec succès.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Mis en quarantaine et supprimé avec succès.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Mis en quarantaine et supprimé avec succès.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Mis en quarantaine et supprimé avec succès.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Mis en quarantaine et supprimé avec succès.
      HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
      HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
      HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
      HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
      HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
      HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
      HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
      HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
      HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Mis en quarantaine et supprimé avec succès.
      HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLabs) -> Mis en quarantaine et supprimé avec succès.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.ShoppingReports2) -> Mis en quarantaine et supprimé avec succès.
      HKCR\ShoppingReport2.HbAx (Adware.ShopperReports) -> Mis en quarantaine et supprimé avec succès.
      HKCR\ShoppingReport2.HbAx.1 (Adware.ShopperReports) -> Mis en quarantaine et supprimé avec succès.
      HKCR\ShoppingReport2.HbInfoBand (Adware.ShopperReports) -> Mis en quarantaine et supprimé avec succès.
      HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShopperReports) -> Mis en quarantaine et supprimé avec succès.
      HKCR\ShoppingReport2.IEButton (Adware.ShopperReports) -> Mis en quarantaine et supprimé avec succès.
      HKCR\ShoppingReport2.IEButton.1 (Adware.ShopperReports) -> Mis en quarantaine et supprimé avec succès.
      HKCR\ShoppingReport2.IEButtonA (Adware.ShopperReports) -> Mis en quarantaine et supprimé avec succès.
      HKCR\ShoppingReport2.IEButtonA.1 (Adware.ShopperReports) -> Mis en quarantaine et supprimé avec succès.
      HKCR\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Mis en quarantaine et supprimé avec succès.
      HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Mis en quarantaine et supprimé avec succès.
      HKCU\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
      HKLM\SOFTWARE\ScanQuery (Adware.ScanQuery) -> Mis en quarantaine et supprimé avec succès.
      HKLM\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
      HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Mis en quarantaine et supprimé avec succès.
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Mis en quarantaine et supprimé avec succès.

      Valeur(s) du Registre détectée(s): 6
      HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Données: -> Mis en quarantaine et supprimé avec succès.
      HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Données: 1 -> Mis en quarantaine et supprimé avec succès.
      HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Données: -> Mis en quarantaine et supprimé avec succès.
      HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Données: 2 -> Mis en quarantaine et supprimé avec succès.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Données: http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Mis en quarantaine et supprimé avec succès.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Données: 215 Apps -> Mis en quarantaine et supprimé avec succès.

      Elément(s) de données du Registre détecté(s): 1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Mauvais: (http://www.helpmeopen.com/?n=app&ext=%s) Bon: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Mis en quarantaine et réparé avec succès

      Dossier(s) détecté(s): 12
      C:\Program Files\I Want This (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\ShoppingReport2 (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\ShoppingReport2\Bin (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\ShoppingReport2\Bin\2.7.34 (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64} (Adware.ScanQuery) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome (Adware.ScanQuery) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults (Adware.ScanQuery) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults\preferences (Adware.ScanQuery) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\ib\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\ib\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\ib\AppData\Local\I Want This (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\ib\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.

      Fichier(s) détecté(s): 21
      C:\Program Files\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\I Want This\I Want This.exe (Adware.GamePlayLabs) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\I Want This\I Want ThisGui.exe (Adware.GamePlayLabs) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\ShoppingReport2\Uninst.exe (Adware.ShoppingReports2) -> Mis en quarantaine et supprimé avec succès.
      C:\ProgramData\cbWBqvdjur.exe (Trojan.FakeAlert) -> Mis en quarantaine et supprimé avec succès.
      C:\ProgramData\RTPtr9uwR4dBwM.exe (Trojan.FakeAlert) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\ib\AppData\Local\Temp\is1373634743\IWantThis_ROW.exe (Adware.GamePlayLabs) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\I Want This\I Want This.ini (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\I Want This\appAPIinternalWrapper.js (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\I Want This\fb.js (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\I Want This\I Want This.ico (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\I Want This\jquery.js (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\I Want This\json.js (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome.manifest (Adware.ScanQuery) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\install.rdf (Adware.ScanQuery) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome\scanquery.jar (Adware.ScanQuery) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults\preferences\prefs.js (Adware.ScanQuery) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\ib\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\ib\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.

      (fin)


      Merci
      0
  2. Utilisateur anonyme
     
    bonsoir,

    Télécharge et enregistre ADWcleaner sur ton bureau :

    ADWCleaner https://toolslib.net (Merci à Xplode)

    Lance le,

    (Pour vista et seven => clic droit "executer en tant qu'administrateur")

    clique sur suppression et poste son rapport

    adblock https://www.commentcamarche.net/telecharger/web-internet/25023-adblock-plus/ plus est un module pour firefox il marche trés bien
    0
    1. innovator22 Messages postés 37 Statut Membre
       
      Voici le rapport:

      # AdwCleaner v2.004 - Logfile created 10/08/2012 at 03:00:28
      # Updated 06/10/2012 by Xplode
      # Operating system : Windows 7 Professional Service Pack 1 (32 bits)
      # User : ib - HP-4420S-IB
      # Boot Mode : Normal
      # Running from : C:\Users\ib\Downloads\adwcleaner (2).exe
      # Option [Delete]


      ***** [Services] *****


      ***** [Files / Folders] *****

      File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
      File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
      File Deleted : C:\user.js
      Folder Deleted : C:\Program Files\Ask.com
      Folder Deleted : C:\Program Files\BabylonToolbar
      Folder Deleted : C:\Program Files\Complitly
      Folder Deleted : C:\Program Files\Conduit
      Folder Deleted : C:\Program Files\DealPly
      Folder Deleted : C:\Program Files\Freecorder
      Folder Deleted : C:\Program Files\Ilivid
      Folder Deleted : C:\Program Files\Windows iLivid Toolbar
      Folder Deleted : C:\ProgramData\Babylon
      Folder Deleted : C:\ProgramData\boost_interprocess
      Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
      Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
      Folder Deleted : C:\Users\ib\AppData\Local\Babylon
      Folder Deleted : C:\Users\ib\AppData\Local\Conduit
      Folder Deleted : C:\Users\ib\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
      Folder Deleted : C:\Users\ib\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
      Folder Deleted : C:\Users\ib\AppData\Local\Ilivid Player
      Folder Deleted : C:\Users\ib\AppData\LocalLow\AskToolbar
      Folder Deleted : C:\Users\ib\AppData\LocalLow\BabylonToolbar
      Folder Deleted : C:\Users\ib\AppData\LocalLow\boost_interprocess
      Folder Deleted : C:\Users\ib\AppData\LocalLow\Conduit
      Folder Deleted : C:\Users\ib\AppData\LocalLow\Freecorder
      Folder Deleted : C:\Users\ib\AppData\LocalLow\searchquband
      Folder Deleted : C:\Users\ib\AppData\LocalLow\Searchqutoolbar
      Folder Deleted : C:\Users\ib\AppData\LocalLow\ShoppingReport2
      Folder Deleted : C:\Users\ib\AppData\Roaming\Babylon
      Folder Deleted : C:\Users\ib\AppData\Roaming\Complitly
      Folder Deleted : C:\Users\ib\Documents\Freecorder
      Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

      ***** [Registry] *****

      Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
      Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
      Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
      Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
      Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
      Key Deleted : HKCU\Software\AppDataLow\Software\Freecorder
      Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
      Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
      Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
      Key Deleted : HKCU\Software\AppDataLow\Toolbar
      Key Deleted : HKCU\Software\Ask&Record
      Key Deleted : HKCU\Software\Ask.com
      Key Deleted : HKCU\Software\BabylonToolbar
      Key Deleted : HKCU\Software\Complitly
      Key Deleted : HKCU\Software\Conduit
      Key Deleted : HKCU\Software\Cr_Installer
      Key Deleted : HKCU\Software\DataMngr_Toolbar
      Key Deleted : HKCU\Software\DealPly
      Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
      Key Deleted : HKCU\Software\ilivid
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Deleted : HKCU\Software\Softonic
      Key Deleted : HKLM\Software\Babylon
      Key Deleted : HKLM\Software\BabylonToolbar
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\b
      Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
      Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
      Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
      Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
      Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
      Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
      Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
      Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
      Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
      Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
      Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
      Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
      Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
      Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
      Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
      Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
      Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
      Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
      Key Deleted : HKLM\Software\Conduit
      Key Deleted : HKLM\Software\DealPly
      Key Deleted : HKLM\Software\Freecorder
      Key Deleted : HKLM\Software\Freeze.com
      Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
      Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
      Key Deleted : HKLM\Software\ilivid
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B6654AE-0CF4-4904-BB75-9B336F9FD374}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF21C819-BC4E-4542-9819-4D5E8A4EA983}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
      Key Deleted : HKLM\Software\SearchquMediabarTb
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

      ***** [Internet Browsers] *****

      -\\ Internet Explorer v9.0.8112.16421

      [OK] Registry is clean.

      -\\ Google Chrome v [Unable to get version]

      File : C:\Users\ib\AppData\Local\Google\Chrome\User Data\Default\Preferences
      0
  3. Utilisateur anonyme
     
    @juju666 > j'ai tes laisse prendre la suite !

    @innovator22 >un helper habilité passera surmont pour ici il
    prendra la suite.

    bon nuit
    0
  4. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Bonjour,

    Si tel est le désir de fraci13 ...

    Télécharge ici :OTL

    enregistre le sur ton Bureau.

    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "executer en tant que...."


    sur OTL.exe pour le lancer.

    => Clique ici pour voir la Configuration

    ▶ Copie et colle le contenu de ce qui suit en gras dans la partie inférieure d'OTL "Personnalisation"

    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    /md5stop
    netsvcs
    safebootminimal
    safebootnetwork
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.ini
    %systemroot%\Tasks\*.*
    %systemroot%\system32\Tasks\*.*
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\config\*.exe /s
    %systemroot%\system32\*.sys
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    CREATERESTOREPOINT


    ▶ Clic sur Analyse.

    A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

    Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\<Bureau ou Desktop>\OTL.txt)

    ▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)

    heberge OTL.txt et extra.txt sur FEC Upload et donne les liens obtenus en échange
    0
    1. innovator22 Messages postés 37 Statut Membre
       
      Bonjour,

      Voici les liens:
      - OTL rapport: https://forums-fec.be/upload/www/?a=d&i=9829740335
      - Extras rapport: https://forums-fec.be/upload/www/?a=d&i=9013856534


      Merci.
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !!

    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "executer en tant que...."


    sur OTL.exe pour le lancer.

    ▶ Copie la liste qui se trouve en gras ci-dessous et colle-la dans la zone sous "Personnalisation" :


    :OTL
    FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
    FF - prefs.js..keyword.URL: "http://www1.search-results.com/web?l=dis&q=&o=APN10645&apn_dtid=%5EBND406%5EYY%5EFR&shad=s_0043&gct=ds&apn_ptnrs=%5EAG6&d=406-102&lang=en&atb=sysid%3D406%3Aappid%3D102%3Auid%3D2e8ae18d63404f14%3Asrc%3Dffb%3Ao%3DAPN10645%3Atg%3D&p2=%5EAG6%5EBND406%5EYY%5EFR"
    [2011/10/25 04:59:43 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    [2012/04/16 10:58:51 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\ffxtlbr@babylon.com
    MOD - [2011/09/27 21:10:41 | 001,236,368 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll
    [2011/01/29 04:46:28 | 000,001,849 | ---- | C] () -- C:\Users\ib\AppData\Roaming\GhostObjGAFix.xml
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
    [2012/04/16 10:58:51 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
    [2012/01/05 23:03:18 | 000,000,923 | ---- | M] () -- C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\searchplugins\conduit.xml
    [2011/10/25 04:59:39 | 000,002,520 | ---- | M] () -- C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\searchplugins\SearchResults.xml
    [2010/09/05 03:33:10 | 000,003,806 | ---- | M] () -- C:\windows\system32\Tasks\Scheduled Update for Ask Toolbar

    :Commands
    [EMPTYTEMP]


    ▶ Clique sur "Correction" pour lancer la suppression.

    ▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail apres le redemarrage.

    0
    1. innovator22 Messages postés 37 Statut Membre
       
      Ok,

      Voici le rapport:

      All processes killed
      ========== OTL ==========
      Prefs.js: "http://www.searchnu.com/406" removed from browser.startup.homepage
      Prefs.js: "http://www1.search-results.com/web?l=dis&q=&o=APN10645&apn_dtid=%5EBND406%5EYY%5EFR&shad=s_0043&gct=ds&apn_ptnrs=%5EAG6&d=406-102&lang=en&atb=sysid%3D406%3Aappid%3D102%3Auid%3D2e8ae18d63404f14%3Asrc%3Dffb%3Ao%3DAPN10645%3Atg%3D&p2=%5EAG6%5EBND406%5EYY%5EFR" removed from keyword.URL
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\ffxtlbr@babylon.com folder moved successfully.
      C:\Users\ib\AppData\Roaming\GhostObjGAFix.xml moved successfully.
      Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\searchplugins\conduit.xml moved successfully.
      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\searchplugins\SearchResults.xml moved successfully.
      C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar moved successfully.
      ========== COMMANDS ==========

      [EMPTYTEMP]

      User: All Users

      User: Default
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 33170 bytes
      ->Flash cache emptied: 56504 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes
      ->Flash cache emptied: 0 bytes

      User: ib
      ->Temp folder emptied: 51878640 bytes
      ->Temporary Internet Files folder emptied: 140058223 bytes
      ->Java cache emptied: 0 bytes
      ->FireFox cache emptied: 47708102 bytes
      ->Google Chrome cache emptied: 12025024 bytes
      ->Flash cache emptied: 39405 bytes

      User: Public

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 1460152 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 218671700 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
      RecycleBin emptied: 13235194 bytes

      Total Files Cleaned = 463.00 mb


      OTL by OldTimer - Version 3.2.69.0 log created on 10082012_144835

      Files\Folders moved on Reboot...
      File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

      PendingFileRenameOperations files...

      Registry entries deleted on Reboot...
      0
  7. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Bien.

    Fais moi un topo des soucis restants.
    0
    1. innovator22 Messages postés 37 Statut Membre
       
      Ok alors:
      - L'antivirus Avast me signale toutes les minutes qu'une adresse URL malveillante a été bloquée
      Processus: C:\windows\Explorer.EXE
      Il parle d'Explorer mais j'utilise Firefox. Est ce que je devrais changer d'antivirus?
      - Ca fait plusieurs mois qu'il y a une mise à jour Java que je veux installer qui échoue systématiquement, je ne comprends pas pourquoi.

      Sinon, la fan fonctionne moins et il semble que le PC ne s'éteigne plus au bout de quelques minutes.

      J'ai lu dans d'autres forums qu'il fallait désactiver les points de restauration et en créer un pour éviter que le virus reste dans ces points de restauration? Est-ce que je dois le faire? comment le faire?

      Aussi, il semble conseiller d'avoir les dernières mises à jour de Java Flash etc. Peux tu donner les liens sûrs pour faire les update?

      Je ne vois rien d'autre pour le moment.

      Merci encore.
      0
    2. innovator22 Messages postés 37 Statut Membre
       
      Autre chose,

      Est ce que je dois effacer RogueKiller, ZHPDiag etc. et toues rapports?
      Merci
      0
    3. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
       
      On s'en charge à la fin. Fais combofix pour le moment !
      0
  8. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    En fait explorer.exe c'est ton explorateur windows.
    Il a du être infecté.
    On va le réparer.

    Pour ce qui est de Java on s'en chargera après.

    Fais ceci :


    ▶ Fais un clic droit et "Enregistrer la cible (du lien sous) -> tonprenom.exe -> destination ton bureau (ET PAS AILLEURS) sur le lien suivant : ComboFix

    Ferme les fenêtres de tous les programmes en cours.
    Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.


    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "executer en tant que...."


    sur combofix renommé

    Si tu es sur Windows XP, laisse-le installer la console de récupération.

    ▶ Ne touche à rien durant le scan

    ComboFix devrait redémarrer ton PC.

    ▶ n'oublie pas de réactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    ▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    ▶▶▶ Si, après le redémarrage de votre pc par combofix, vous avez des erreurs "Clé marquée pour suppression" ou des soucis de connexion internet, redémarrez à nouveau votre ordinateur
    0
    1. innovator22 Messages postés 37 Statut Membre
       
      Il semble y avoir une erreur aussi avec Firefox car j'ai la meme alerte Avast avec Processus: C:\Program Files\Mozilla Firefox!firefox.exe.

      Sinon, je ne peux pas télécharger ComboFix ( le lien sur lequel ca renvoi http://download.bleepingcomputer.com/sUBs/ComboFix.exe est bloqué par le filtre du fournisseur... Je suis aux Emirats arabes unis)
      Alors je suis allé sur google et ce site, j'ai commencé à télécharger et je me suis rendu compte que ca semblait un fake: www.combofix.org
      Qu'est ce que je fais?
      Merci
      0
    2. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
       
      Coupe Avast! clic droit sur son logo dans la barre des tâches -> désactiver tous les agents -> jusqu'au prochain redémarrage

      Ensuite dans protection supplémentaire tu coupe également l'autosandbox qui fait ch$er ^^

      ===========

      combofix.org est un fake, je te l'ai hébergé ici : https://forums-fec.be/tools/innovator22.exe
      0
    3. innovator22 Messages postés 37 Statut Membre
       
      Voila:

      ComboFix 12-10-08.01 - ib 08/10/2012 17:20:09.1.4 - x86
      Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.2991.1760 [GMT 4:00]
      Running from: c:\users\ib\Desktop\innovator22.exe
      AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
      SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\program files\TelevisionFanaticEI
      c:\programdata\RTPtr9uwR4dBwM
      C:\Thumbs.db
      c:\users\ib\AppData\Roaming\Local
      c:\users\ib\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
      c:\users\ib\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
      c:\users\ib\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
      c:\users\ib\AppData\Roaming\Local\Temp\DDM\Settings\Les.Portes.De.La.Gloire.DVDRip.XViD.by francescao.avi.ddr
      c:\users\ib\AppData\Roaming\Local\Temp\DDM\Settings\Les.Portes.de.la.Gloire.WaWa.avi.ddr
      c:\users\ib\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
      c:\users\ib\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
      c:\users\ib\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Les.Portes.De.La.Gloire.DVDRip.XViD.by francescao.avi
      c:\users\ib\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Les.Portes.de.la.Gloire.WaWa.avi.ddp
      c:\users\ib\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
      c:\users\ib\Documents\~WRL0001.tmp
      c:\users\ib\Documents\~WRL0005.tmp
      c:\users\ib\Documents\~WRL1227.tmp
      c:\users\ib\Documents\~WRL3798.tmp
      c:\windows\iun6002.exe
      c:\windows\system32\pt
      c:\windows\system32\pt\DPCont32.dll.mui
      c:\windows\system32\pt\DPCrProv.dll.mui
      c:\windows\system32\pt\DPFPApiUI.dll.mui
      c:\windows\system32\pt\DPPassFilter.dll.mui
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-09-08 to 2012-10-08 )))))))))))))))))))))))))))))))
      .
      .
      2012-10-08 14:05 . 2012-10-08 14:05 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-10-08 13:01 . 2012-10-08 13:01 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3652ADA-F9C1-4949-8CD2-AB235E1C694A}\offreg.dll
      2012-10-08 12:07 . 2012-10-08 12:08 -------- d-----w- c:\programdata\Max Secure
      2012-10-08 12:04 . 2012-10-08 12:04 -------- d-----w- c:\users\ib\AppData\Local\Max Secure Software
      2012-10-08 12:02 . 2012-10-08 12:02 -------- d-----w- c:\users\ib\AppData\Roaming\GetRightToGo
      2012-10-08 10:48 . 2012-10-08 10:48 -------- d-----w- C:\_OTL
      2012-10-08 08:43 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3652ADA-F9C1-4949-8CD2-AB235E1C694A}\mpengine.dll
      2012-10-07 12:54 . 2012-10-07 13:36 -------- d-----w- C:\ZHP
      2012-10-07 12:54 . 2012-10-07 13:32 -------- d-----w- c:\program files\ZHPDiag
      2012-10-07 11:11 . 2012-10-07 11:11 -------- d-----w- c:\users\ib\AppData\Roaming\Malwarebytes
      2012-10-07 11:11 . 2012-10-07 11:11 -------- d-----w- c:\programdata\Malwarebytes
      2012-10-07 11:11 . 2012-10-07 11:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2012-10-07 10:35 . 2012-10-07 10:36 -------- d-----w- C:\7ef52122b874919de198bef501d88d
      2012-10-03 14:46 . 2012-10-03 14:46 -------- d-----w- c:\users\ib\AppData\Local\ElevatedDiagnostics
      2012-10-03 11:03 . 2012-06-22 07:39 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
      2012-10-03 11:03 . 2012-06-22 07:38 767960 ----a-w- c:\windows\BDTSupport.dll
      2012-10-03 11:03 . 2012-06-22 07:39 149464 ----a-w- c:\windows\SGDetectionTool.dll
      2012-10-03 11:03 . 2012-06-22 07:39 2267096 ----a-w- c:\windows\PCTBDCore.dll
      2012-10-03 11:03 . 2012-06-22 07:39 1689560 ----a-w- c:\windows\PCTBDRes.dll
      2012-10-03 11:00 . 2012-10-03 11:00 -------- d-----w- c:\program files\PC Tools
      2012-10-03 10:56 . 2012-06-22 11:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
      2012-10-03 10:56 . 2012-10-07 22:48 -------- d-----w- c:\program files\Common Files\PC Tools
      2012-10-03 09:57 . 2012-10-03 09:57 -------- d-----w- c:\program files\Enigma Software Group
      2012-10-03 09:57 . 2012-10-03 09:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
      2012-10-03 09:47 . 2012-10-07 22:39 -------- d-----w- c:\programdata\PC Tools
      2012-10-03 09:47 . 2012-10-03 09:47 -------- d-----w- c:\users\ib\AppData\Roaming\TestApp
      2012-09-26 08:23 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
      2012-09-23 10:07 . 2012-08-24 06:51 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
      2012-09-12 08:10 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
      2012-09-12 08:10 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
      2012-09-12 08:10 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\rndismpx.sys
      2012-09-12 08:09 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
      2012-09-12 08:09 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
      2012-09-12 08:09 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
      2012-09-12 08:09 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-10-07 13:42 . 2011-11-11 00:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
      2012-09-21 14:52 . 2012-04-07 13:54 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2012-09-21 14:52 . 2011-12-03 03:30 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-08-21 09:13 . 2011-06-20 11:24 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
      2012-08-21 09:13 . 2010-08-23 12:20 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
      2012-08-21 09:13 . 2010-08-23 12:20 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
      2012-08-21 09:13 . 2012-04-08 23:51 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
      2012-08-21 09:13 . 2010-08-23 12:20 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
      2012-08-21 09:13 . 2010-08-23 12:20 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
      2012-08-21 09:12 . 2010-08-23 12:20 41224 ----a-w- c:\windows\avastSS.scr
      2012-08-21 09:12 . 2010-08-23 12:20 227648 ----a-w- c:\windows\system32\aswBoot.exe
      2012-07-18 17:47 . 2012-08-15 11:48 2345984 ----a-w- c:\windows\system32\win32k.sys
      2010-10-12 21:33 . 2010-10-12 21:33 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
      2010-10-12 23:15 . 2010-10-12 23:15 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
      2010-10-12 21:37 . 2010-10-12 21:37 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
      2010-10-12 21:35 . 2010-10-12 21:35 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
      2010-10-12 21:34 . 2010-10-12 21:34 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
      2010-10-12 21:32 . 2010-10-12 21:32 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
      2010-10-12 21:35 . 2010-10-12 21:35 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
      2010-10-12 21:34 . 2010-10-12 21:34 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
      2010-07-14 17:42 . 2010-07-14 17:42 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
      2010-10-12 21:37 . 2010-10-12 21:37 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
      2012-09-12 16:11 . 2012-04-17 18:16 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
      @="{472083B0-C522-11CF-8763-00608CC02F24}"
      [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
      2012-08-21 09:12 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2010-10-06 23:36 94208 ----a-w- c:\users\ib\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2010-10-06 23:36 94208 ----a-w- c:\users\ib\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2010-10-06 23:36 94208 ----a-w- c:\users\ib\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
      "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-25 39408]
      "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
      "FreeAC"="c:\program files\FreeAlarmClock\FreeAlarmClock.exe" [2011-02-17 1347912]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
      "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
      "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-10-23 563736]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-14 1721640]
      "File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]
      "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-17 495708]
      "DTRun"="c:\program files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2009-11-19 518656]
      "NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
      "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
      "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
      "Athan"="c:\program files\Athan\Athan.exe" [2011-11-20 1204224]
      "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728]
      "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-17 142616]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-17 177432]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-17 176408]
      "HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-09-12 14904]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
      "AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2012-06-28 365512]
      .
      c:\users\ib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Dropbox.lnk - c:\users\ib\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
      OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [N/A]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
      2009-11-17 21:39 75320 ----a-w- c:\windows\System32\DeviceNP.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=c:\progra~1\SEARCH~1\SEARCH~1\datamngr.dll c:\progra~1\SEARCH~1\SEARCH~1\IEBHO.dll
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Notification Packages REG_MULTI_SZ DPPassFilter scecli
      Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
      @="Service"
      .
      R1 buyjhitc;buyjhitc;c:\windows\system32\drivers\buyjhitc.sys [x]
      R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
      R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
      R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
      R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
      R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
      R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
      R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
      R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
      R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
      R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [x]
      R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [x]
      R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
      R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
      R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [x]
      R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
      R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
      R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
      S0 SafeBoot;SafeBoot; [x]
      S0 SbAlg;SbAlg; [x]
      S0 SbFsLock;SbFsLock; [x]
      S1 aswSnx;aswSnx; [x]
      S1 aswSP;aswSP; [x]
      S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
      S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
      S1 RsvLock;RsvLock; [x]
      S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
      S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\aestsrv.exe [x]
      S2 aswFsBlk;aswFsBlk; [x]
      S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
      S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]
      S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
      S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
      S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
      S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [x]
      S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
      S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
      S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
      S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
      S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
      S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
      S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
      S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
      S2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [x]
      S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
      S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [x]
      S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
      S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      GPSvcGroup REG_MULTI_SZ GPSvc
      WindowsMobile REG_MULTI_SZ wcescomm rapimgr
      LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
      2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 14:52]
      .
      2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 13:47]
      .
      2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 13:47]
      .
      2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4099513575-3542663224-1003661492-1003Core.job
      - c:\users\ib\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27 23:30]
      .
      2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4099513575-3542663224-1003661492-1003UA.job
      - c:\users\ib\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27 23:30]
      .
      2012-09-29 c:\windows\Tasks\HPCeeScheduleForib.job
      - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.fr/
      uInternet Settings,ProxyOverride = *.local
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
      IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      Trusted Zone: //about.htm/
      Trusted Zone: //Exclude.htm/
      Trusted Zone: //LanguageSelection.htm/
      Trusted Zone: //Message.htm/
      Trusted Zone: //MyAgttryCmd.htm/
      Trusted Zone: //MyAgttryNag.htm/
      Trusted Zone: //MyNotification.htm/
      Trusted Zone: //NOCLessUpdate.htm/
      Trusted Zone: //quarantine.htm/
      Trusted Zone: //ScanNow.htm/
      Trusted Zone: //strings.vbs/
      Trusted Zone: //Template.htm/
      Trusted Zone: //Update.htm/
      Trusted Zone: //VirFound.htm/
      Trusted Zone: mcafee.com\*
      Trusted Zone: mcafeeasap.com\betavscan
      Trusted Zone: mcafeeasap.com\vs
      Trusted Zone: mcafeeasap.com\www
      TCP: DhcpNameServer = 192.168.1.100 192.168.1.100
      DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
      FF - ProfilePath - c:\users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\
      FF - prefs.js: browser.search.defaulturl -
      FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
      FF - prefs.js: network.proxy.type - 0
      FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=050412_30b
      FF - user.js: extensions.BabylonToolbar_i.babExt -
      FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
      FF - user.js: extensions.BabylonToolbar_i.id - d82da84000000000000070f3955e3b80
      FF - user.js: extensions.BabylonToolbar_i.hardId - d82da84000000000000070f3955e3b80
      FF - user.js: extensions.BabylonToolbar_i.instlDay - 15446
      FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
      FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
      FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:57
      FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
      FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
      FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
      FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
      FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
      FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
      user_pref('extensions.dealply.partner', 'iron');
      user_pref('extensions.dealply.channel', 'iron3');
      user_pref('extensions.dealply.installId', 'v23600289160359708527922012041608584121');
      user_pref('extensions.dealply.installIdSource', 'inst');
      user_pref('extensions.dealply.sampleGroup', '1');
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-10 - (no file)
      HKCU-Run-ares - c:\program files\Ares\Ares.exe
      HKLM-Run-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
      AddRemove-Athan - c:\windows\iun6002.exe
      AddRemove-Freecorder5.11 - c:\program files\Freecorder\uninstall.exe
      AddRemove-LSI Soft Modem - c:\windows\agrsmdel
      AddRemove-PDF Creator - c:\program\uninstpw.exe
      AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
      .
      .
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
      "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
      @DACL=(02 0000)
      @=""
      "Installed"="1"
      .
      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
      @DACL=(02 0000)
      @=""
      "Installed"="1"
      "NoChange"="1"
      .
      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
      @DACL=(02 0000)
      @=""
      "Installed"="1"
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      "MSCurrentCountry"=dword:000000b5
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'lsass.exe'(684)
      c:\windows\system32\DPFPApi.DLL
      .
      Completion time: 2012-10-08 18:28:13
      ComboFix-quarantined-files.txt 2012-10-08 14:28
      .
      Pre-Run: 206,511,542,272 bytes free
      Post-Run: 206,417,240,064 bytes free
      .
      - - End Of File - - 66CF92AFCCE7DBE3BE41D9E7DD2026C4
      0
  9. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Désinstalle Max Secure


    __________________________________________________
    =>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <=
    =>il est fort déconseillé de le transposer sur un autre ordinateur !<=
    ----------------------------------------------------------------------------


    Toujours avec toutes les protections désactivées, fais ceci :

    ▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
    ▶ Copie/colle dans le bloc-notes ce qui est entre les lignes ci dessous (sans les lignes) :

    ----------------------------------------------------------

    KillAll::

    ClearJavaCache::

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=-

    Driver::
    buyjhitc

    Rootkit::
    c:\windows\system32\drivers\buyjhitc.sys

    Firefox::
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=050412_30b
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - d82da84000000000000070f3955e3b80
    FF - user.js: extensions.BabylonToolbar_i.hardId - d82da84000000000000070f3955e3b80
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15446
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:57
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    user_pref('extensions.dealply.partner', 'iron');
    user_pref('extensions.dealply.channel', 'iron3');
    user_pref('extensions.dealply.installId', 'v23600289160359708527922012041608584121');
    user_pref('extensions.dealply.installIdSource', 'inst');
    user_pref('extensions.dealply.sampleGroup', '1');

    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]


    ------------------------------------------------------------------

    ▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
    ▶ Quitte le Bloc Notes

    ▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix comme ceci : Illustration

    ▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    ▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    ▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt

    0
    1. innovator22 Messages postés 37 Statut Membre
       
      Voici le rapport, je l'ai fait en mode sans échec avec réseau car sinon le PC s'éteint et l examen ne se fait pas:

      ComboFix 12-10-08.02 - ib 08/10/2012 21:17:14.4.4 - x86 NETWORK
      Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.2991.2408 [GMT 4:00]
      Running from: c:\users\ib\Desktop\innovator22.exe
      Command switches used :: c:\users\ib\Desktop\CFScript.txt
      AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
      SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      -------\Service_buyjhitc
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-09-08 to 2012-10-08 )))))))))))))))))))))))))))))))
      .
      .
      2012-10-08 17:56 . 2012-10-08 17:56 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-10-08 14:41 . 2012-10-08 18:01 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3652ADA-F9C1-4949-8CD2-AB235E1C694A}\offreg.dll
      2012-10-08 13:10 . 2012-10-08 14:29 -------- d-----w- C:\innovator22
      2012-10-08 12:07 . 2012-10-08 12:08 -------- d-----w- c:\programdata\Max Secure
      2012-10-08 12:04 . 2012-10-08 12:04 -------- d-----w- c:\users\ib\AppData\Local\Max Secure Software
      2012-10-08 12:02 . 2012-10-08 12:02 -------- d-----w- c:\users\ib\AppData\Roaming\GetRightToGo
      2012-10-08 10:48 . 2012-10-08 10:48 -------- d-----w- C:\_OTL
      2012-10-08 08:43 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3652ADA-F9C1-4949-8CD2-AB235E1C694A}\mpengine.dll
      2012-10-07 12:54 . 2012-10-07 13:36 -------- d-----w- C:\ZHP
      2012-10-07 12:54 . 2012-10-07 13:32 -------- d-----w- c:\program files\ZHPDiag
      2012-10-07 11:11 . 2012-10-07 11:11 -------- d-----w- c:\users\ib\AppData\Roaming\Malwarebytes
      2012-10-07 11:11 . 2012-10-07 11:11 -------- d-----w- c:\programdata\Malwarebytes
      2012-10-07 11:11 . 2012-10-07 11:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2012-10-07 10:35 . 2012-10-07 10:36 -------- d-----w- C:\7ef52122b874919de198bef501d88d
      2012-10-03 14:46 . 2012-10-03 14:46 -------- d-----w- c:\users\ib\AppData\Local\ElevatedDiagnostics
      2012-10-03 11:03 . 2012-06-22 07:39 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
      2012-10-03 11:03 . 2012-06-22 07:38 767960 ----a-w- c:\windows\BDTSupport.dll
      2012-10-03 11:03 . 2012-06-22 07:39 149464 ----a-w- c:\windows\SGDetectionTool.dll
      2012-10-03 11:03 . 2012-06-22 07:39 2267096 ----a-w- c:\windows\PCTBDCore.dll
      2012-10-03 11:03 . 2012-06-22 07:39 1689560 ----a-w- c:\windows\PCTBDRes.dll
      2012-10-03 11:00 . 2012-10-03 11:00 -------- d-----w- c:\program files\PC Tools
      2012-10-03 10:56 . 2012-06-22 11:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
      2012-10-03 10:56 . 2012-10-07 22:48 -------- d-----w- c:\program files\Common Files\PC Tools
      2012-10-03 09:57 . 2012-10-03 09:57 -------- d-----w- c:\program files\Enigma Software Group
      2012-10-03 09:57 . 2012-10-03 09:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
      2012-10-03 09:47 . 2012-10-07 22:39 -------- d-----w- c:\programdata\PC Tools
      2012-10-03 09:47 . 2012-10-03 09:47 -------- d-----w- c:\users\ib\AppData\Roaming\TestApp
      2012-09-26 08:23 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
      2012-09-23 10:07 . 2012-08-24 06:51 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
      2012-09-12 08:10 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
      2012-09-12 08:10 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
      2012-09-12 08:10 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\rndismpx.sys
      2012-09-12 08:09 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
      2012-09-12 08:09 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
      2012-09-12 08:09 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
      2012-09-12 08:09 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-10-07 13:42 . 2011-11-11 00:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
      2012-09-21 14:52 . 2012-04-07 13:54 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2012-09-21 14:52 . 2011-12-03 03:30 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-08-21 09:13 . 2011-06-20 11:24 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
      2012-08-21 09:13 . 2010-08-23 12:20 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
      2012-08-21 09:13 . 2010-08-23 12:20 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
      2012-08-21 09:13 . 2012-04-08 23:51 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
      2012-08-21 09:13 . 2010-08-23 12:20 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
      2012-08-21 09:13 . 2010-08-23 12:20 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
      2012-08-21 09:12 . 2010-08-23 12:20 41224 ----a-w- c:\windows\avastSS.scr
      2012-08-21 09:12 . 2010-08-23 12:20 227648 ----a-w- c:\windows\system32\aswBoot.exe
      2012-07-18 17:47 . 2012-08-15 11:48 2345984 ----a-w- c:\windows\system32\win32k.sys
      2010-10-12 21:33 . 2010-10-12 21:33 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
      2010-10-12 23:15 . 2010-10-12 23:15 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
      2010-10-12 21:37 . 2010-10-12 21:37 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
      2010-10-12 21:35 . 2010-10-12 21:35 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
      2010-10-12 21:34 . 2010-10-12 21:34 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
      2010-10-12 21:32 . 2010-10-12 21:32 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
      2010-10-12 21:35 . 2010-10-12 21:35 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
      2010-10-12 21:34 . 2010-10-12 21:34 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
      2010-07-14 17:42 . 2010-07-14 17:42 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
      2010-10-12 21:37 . 2010-10-12 21:37 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
      2012-09-12 16:11 . 2012-04-17 18:16 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
      @="{472083B0-C522-11CF-8763-00608CC02F24}"
      [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
      2012-08-21 09:12 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2010-10-06 23:36 94208 ----a-w- c:\users\ib\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2010-10-06 23:36 94208 ----a-w- c:\users\ib\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2010-10-06 23:36 94208 ----a-w- c:\users\ib\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
      "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-25 39408]
      "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
      "FreeAC"="c:\program files\FreeAlarmClock\FreeAlarmClock.exe" [2011-02-17 1347912]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
      "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
      "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-10-23 563736]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-14 1721640]
      "File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]
      "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-17 495708]
      "DTRun"="c:\program files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2009-11-19 518656]
      "NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
      "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
      "Athan"="c:\program files\Athan\Athan.exe" [2011-11-20 1204224]
      "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728]
      "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-17 142616]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-17 177432]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-17 176408]
      "HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-09-12 14904]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
      "AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2012-06-28 365512]
      "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
      .
      c:\users\ib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Dropbox.lnk - c:\users\ib\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
      OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [N/A]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
      2009-11-17 21:39 75320 ----a-w- c:\windows\System32\DeviceNP.dll
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Notification Packages REG_MULTI_SZ DPPassFilter scecli
      Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
      @="Service"
      .
      R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
      R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
      R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
      R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
      R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
      R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
      R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
      R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
      R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
      R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [x]
      R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [x]
      R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
      R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
      R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [x]
      R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
      R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
      R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
      S0 SafeBoot;SafeBoot; [x]
      S0 SbAlg;SbAlg; [x]
      S0 SbFsLock;SbFsLock; [x]
      S1 aswSnx;aswSnx; [x]
      S1 aswSP;aswSP; [x]
      S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
      S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
      S1 RsvLock;RsvLock; [x]
      S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
      S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\aestsrv.exe [x]
      S2 aswFsBlk;aswFsBlk; [x]
      S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
      S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]
      S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
      S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
      S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
      S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [x]
      S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
      S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
      S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
      S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
      S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
      S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
      S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
      S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
      S2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [x]
      S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
      S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [x]
      S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
      S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      GPSvcGroup REG_MULTI_SZ GPSvc
      WindowsMobile REG_MULTI_SZ wcescomm rapimgr
      LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
      2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 14:52]
      .
      2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 13:47]
      .
      2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 13:47]
      .
      2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4099513575-3542663224-1003661492-1003Core.job
      - c:\users\ib\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27 23:30]
      .
      2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4099513575-3542663224-1003661492-1003UA.job
      - c:\users\ib\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27 23:30]
      .
      2012-09-29 c:\windows\Tasks\HPCeeScheduleForib.job
      - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.fr/
      uInternet Settings,ProxyOverride = *.local
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
      IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      Trusted Zone: //about.htm/
      Trusted Zone: //Exclude.htm/
      Trusted Zone: //LanguageSelection.htm/
      Trusted Zone: //Message.htm/
      Trusted Zone: //MyAgttryCmd.htm/
      Trusted Zone: //MyAgttryNag.htm/
      Trusted Zone: //MyNotification.htm/
      Trusted Zone: //NOCLessUpdate.htm/
      Trusted Zone: //quarantine.htm/
      Trusted Zone: //ScanNow.htm/
      Trusted Zone: //strings.vbs/
      Trusted Zone: //Template.htm/
      Trusted Zone: //Update.htm/
      Trusted Zone: //VirFound.htm/
      Trusted Zone: mcafee.com\*
      Trusted Zone: mcafeeasap.com\betavscan
      Trusted Zone: mcafeeasap.com\vs
      Trusted Zone: mcafeeasap.com\www
      TCP: DhcpNameServer = 192.168.1.100 192.168.1.100
      DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
      FF - ProfilePath - c:\users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\
      FF - prefs.js: browser.search.defaulturl -
      FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
      FF - prefs.js: network.proxy.type - 0
      FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=050412_30b
      FF - user.js: extensions.BabylonToolbar_i.babExt -
      FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
      FF - user.js: extensions.BabylonToolbar_i.id - d82da84000000000000070f3955e3b80
      FF - user.js: extensions.BabylonToolbar_i.hardId - d82da84000000000000070f3955e3b80
      FF - user.js: extensions.BabylonToolbar_i.instlDay - 15446
      FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
      FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
      FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:57
      FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
      FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
      FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
      FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
      FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
      FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
      user_pref('extensions.dealply.partner', 'iron');
      user_pref('extensions.dealply.channel', 'iron3');
      user_pref('extensions.dealply.installId', 'v23600289160359708527922012041608584121');
      user_pref('extensions.dealply.installIdSource', 'inst');
      user_pref('extensions.dealply.sampleGroup', '1');
      .
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
      "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'lsass.exe'(680)
      c:\windows\system32\DPFPApi.DLL
      .
      - - - - - - - > 'Explorer.exe'(6100)
      c:\users\ib\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      c:\program files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\STacSV.exe
      c:\windows\system32\WLANExt.exe
      c:\windows\system32\conhost.exe
      c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
      c:\program files\LSI SoftModem\agrsmsvc.exe
      c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\program files\Common Files\LightScribe\LSSrvc.exe
      c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
      c:\program files\Microsoft\BingBar\SeaPort.EXE
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      c:\windows\system32\wbem\unsecapp.exe
      c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
      c:\windows\system32\taskhost.exe
      c:\windows\system32\conhost.exe
      c:\program files\Synaptics\SynTP\SynTPHelper.exe
      c:\program files\Windows Media Player\wmpnetwk.exe
      c:\program files\Citrix\ICA Client\wfcrun32.exe
      c:\program files\iPod\bin\iPodService.exe
      c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
      c:\program files\Alwil Software\Avast5\AvastSvc.exe
      .
      **************************************************************************
      .
      Completion time: 2012-10-08 22:23:07 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-10-08 18:22
      ComboFix2.txt 2012-10-08 14:28
      .
      Pre-Run: 205,734,563,840 bytes free
      Post-Run: 205,253,763,072 bytes free
      .
      - - End Of File - - C914A6E5A62CFF4D5E32B0A27B24E70E
      0
  10. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Tu as très bien fait :) on a délogé un rootkit.

    Certaines clés du mode sans échec sont attrophiées. ça m'étonne que tu ai pu l'atteindre. ou alors combofix se trompe ^^

    Attention !!! : cet outil peut etre détecté à tort comme virus
    Attention !!! : cet outil est puissant suivre scrupuleusement les instructions ci-dessous


    Tous les processus "non vitaux de windows" vont être coupés , enregistre ton travail.


    Désactive toutes tes protections si possible , antivirus , sandbox , pare-feux , etc....

    Télécharge et enregistre Pre_Scan sur ton bureau :

    https://forums-fec.be/gen-hackman/Pre_Scan.exe

    Miroirs :

    http://general-changelog-team.fr/fr/downloads/viewdownload/41-outils-de-gen-hackman/52-pre-scan
    http://www.archive-host.com

    Avertissement :Il y aura une extinction du bureau pendant le scan --> pas de panique.

    Une fois telechargé lance-le , laisse faire le scan jusqu'à l'apparition de "Pre_scan_la_date_et_l'heure.txt" sur le bureau.

    Si l'outil est relancé plusieurs fois , il te proposera un menu et qu'aucune option n'est demandée, lance l'option "Kill"

    Si l'outil est bloqué par l'infection utilise cette version avec extension .pif :

    https://forums-fec.be/gen-hackman/Pre_Scan.pif

    Si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"

    Il se peut qu'une multitude de fenêtres noires clignotent , laisse-le travailler

    Poste Pre_Scan_la_date_et_l'heure.txt qui apparaitra sur le bureau en fin de scan

    Il est possible que l'outil fasse redemarrer ton pc plusieurs fois , laisse-le faire

    NE LE POSTE PAS SUR LE FORUM !!! (il est trop long)

    Heberge le rapport sur FEC Upload puis donne le lien obtenu en echange

    Si possible , confirme ou infirme l'utilisation de Defogger par Pre_Scan
    0
    1. innovator22 Messages postés 37 Statut Membre
       
      Salut,
      Voici le lien:
      https://forums-fec.be/upload/www/?a=d&i=1156123319
      Pre_Scan a fait redémarrer le PC qu'une fois et je n'ai pas vu Defogger (Je ne regardais pas tout le temps).

      Merci
      0
  11. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    @: à L'attention de ceux qui utilisent les switchs de Pre_script :
    n'utiliser que les switchs proposés sur la page correspondante :
    https://gen-hackman.kanak.fr/

    ==========================

    Selectionne tout le texte en gras ci-dessous sans les lignes de dessus-dessous, puis (clic droit/copier ou ctrl+c) :
    ___________________________________________________
    Kill::

    Backup::
    C:\Users\ib\AppData\Local\FLVService

    Reboot::

    ___________________________________________________

    Relance Pre_scan puis choisis l'option "Script"

    une page va s'ouvrir

    logiquement le texte que tu as sélectionné s'y trouve déjà , donc tu fermes et le programme va travailler.

    sinon colle-le (clic droit/coller ou ctrl+V) dans la page vierge.

    puis onglet fichier => enregistrer (pas enregistrer sous...) , puis ferme le texte

    des fenetres noires risquent de clignoter , c'est normal , c'est le programme qui travaille

    poste Pre_Script.txt qui apparaitra sur le bureau en fin de travail

    .::. Contributeur Sécurité .::.
    0
    1. innovator22 Messages postés 37 Statut Membre
       
      Voia:

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script | 2.1009 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      ib : Windows 7 Professional (32 bits)

      Switchs : https://gen-hackman.kanak.fr/

      Script : 14:00:31

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


      ¤


      Fin : 14:00:32

      ¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
      0
    2. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
       
      t'as rien copié
      0
    3. innovator22 Messages postés 37 Statut Membre
       
      Comment ca j'ai rien copié? J'ai posté le Pre_script apparu en fin de travail.
      Pour info, le PC a redémarré une fois
      0
    4. innovator22 Messages postés 37 Statut Membre
       
      En fait, je copie le texte, ouve pre_scan et script et le texte est déjà là.
      Je ferme et le programme se lance mais directement le PC reboot et après il y a le script que j'ai publié
      0
    5. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
       
      t'as fait fichier -> enregistrer avant de fermer le bloc note ?
      0
  12. g3n-h@ckm@n
     
    salut est-ce que tu vois ce dossier ?

    C:\Pre_Scan\Quarantine\C'_Users_ib_AppData_Local_FLVService.P_S

    ?
    0
    1. innovator22 Messages postés 37 Statut Membre
       
      Non,

      J'ai plein de C:\Pre_Scan\Quarantine\C'_Users_ib_AppData_Local_FLVService mais aucun finissant par .P_S
      0
  13. g3n-h@ckm@n
     
    comment ca t'en as plein ???
    0
    1. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
       
      ah faut tous les noter? jpouvais pas juste mettre le dossier? ^^
      0
    2. innovator22 Messages postés 37 Statut Membre
       
      Je me suis peut etre mal exprimé. Ce que je veux dire est que j'ai environ 78 adresses dans la quarataine
      exemple:

      C:\Pre_Scan\Quarantine\C'_Users_ib_AppData_Local_FLVService_Yahoo! France(2).bin.P_S

      C:\Pre_Scan\Quarantine\C'_Users_ib_AppData_Local_FLVService_Zapping - CANALPLUS.FR#pid1830-c-zapping.html_&_suid=134703388097904486438777992079#pid1830-c-z.bin

      C:\Pre_Scan\Quarantine\C'_Users_ib_AppData_Local_FLVService_Tuerie en Haute-Savoie _ qui est la famille al-Hilli _ - Le Nouvel Observateur.bin

      Ils ne sont pas sous forme de dossiers contrairement à
      C'_Users_ib_AppData_Roaming_InstallShield.P_S par exemple
      Donc aucun ''dossier'':
      C:\Pre_Scan\Quarantine\C'_Users_ib_AppData_Local_FLVService.P_S

      Est ce que c'est plus clair?
      0
    3. g3n-h@ckm@n
       
      ah faut tous les noter? jpouvais pas juste mettre le dossier? ^^

      mouhahhahaha ben non il va "backuper" uniquement ce qui a l'extension .P_S ici en l'occurence les fichiers qui ont té supprimés et non le dossier , le dossier doit etre encore present avec des trucs dedans je pense ( j'ai whitelisté le dossier :)

      je viens de poster ca devrait arriver d un instant à l autre le robot me l'a mangé ^^
      0
  14. g3n-h@ckm@n
     
    lol sacré julien ^^

    (bon c'est de ma faute j'aurais du lire le rapport aussi .... ^^ )

    colle ca dans script de pre_scan :

    Backup::
    C:\Users\ib\AppData\Local\FLVService\#pid1830-c-zapping.html_&_suid=134703388097904486438777992079.bin
    C:\Users\ib\AppData\Local\FLVService\#pid1830-c-zapping.html_vid=733861&_suid=1348251196301007150852750684705.bin
    C:\Users\ib\AppData\Local\FLVService\#pid3349-c-le-grand-journal.html_&_suid=1346954408418017265821944313692(2).bin
    C:\Users\ib\AppData\Local\FLVService\#pid3349-c-le-grand-journal.html_&_suid=1346954408418017265821944313692.bin
    C:\Users\ib\AppData\Local\FLVService\#pid4278-c-la-vie-autrement.html_sc_cmpid=FBCom&fb_comment_id=fbc_10150582155539503_22903805_10.bin
    C:\Users\ib\AppData\Local\FLVService\(15 non lus) - elkhialys - Yahoo! Mail.bin
    C:\Users\ib\AppData\Local\FLVService\Accueil - CANALPLUS.FR(4).bin
    C:\Users\ib\AppData\Local\FLVService\Bernard Tapie _ « Il faut se calmer avec le PSG. Ce n'est pas encore le Real Madrid! » - lePari(2).bin
    C:\Users\ib\AppData\Local\FLVService\Bernard Tapie _ « Il faut se calmer avec le PSG. Ce n'est pas encore le Real Madrid! » - lePari(3).bin
    C:\Users\ib\AppData\Local\FLVService\Bernard Tapie _ « Il faut se calmer avec le PSG. Ce n'est pas encore le Real Madrid! » - lePari.bin
    C:\Users\ib\AppData\Local\FLVService\Best Goals FIFA Futsal World Cup 2008 - YouTube(2).bin
    C:\Users\ib\AppData\Local\FLVService\Best Goals FIFA Futsal World Cup 2008 - YouTube(3).bin
    C:\Users\ib\AppData\Local\FLVService\Best Goals FIFA Futsal World Cup 2008 - YouTube(4).bin
    C:\Users\ib\AppData\Local\FLVService\Best Goals FIFA Futsal World Cup 2008 - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\Chuck Norris promet _1000 ans de ténèbres_ en cas de réélection d'Obama [VIDEO] - News films St.bin
    C:\Users\ib\AppData\Local\FLVService\EN DIRECT. Caricatures _ la police se déploie autour de la Mosquée de Paris.bin
    C:\Users\ib\AppData\Local\FLVService\Extrait Métastases - Le docteur M'Foudi - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\Facebook(3).bin
    C:\Users\ib\AppData\Local\FLVService\Facebook(4).bin
    C:\Users\ib\AppData\Local\FLVService\Ferrari 458 Italia SOUND - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\Foot - Bleus - Diaby vers un forfait.bin
    C:\Users\ib\AppData\Local\FLVService\Football _ Actu foot - foot en direct - resultat foot - mercato - L'Equipefr(2).bin
    C:\Users\ib\AppData\Local\FLVService\Gallery_ Top 20 fastest selling car models.bin
    C:\Users\ib\AppData\Local\FLVService\Goldman Sachs partie 1 2012 09 04 - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\Google Actualités.bin
    C:\Users\ib\AppData\Local\FLVService\GulfTalent.com.bin
    C:\Users\ib\AppData\Local\FLVService\Hotmail - selkhialy@hotmail.fr(2).bin
    C:\Users\ib\AppData\Local\FLVService\Hotmail - selkhialy@hotmail.fr.bin
    C:\Users\ib\AppData\Local\FLVService\JEAN CHAREST se fait chanter Na Na Hey Hey Goodbye - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\Killer Whale Attacks Unsuspecting Girl - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\L'inoubliable _mix_ de Forest Gump - Maurice Skyrock - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\La Rafle - Bande-annonce - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\Le 20h avant l'heure _ Tuerie en Haute-Savoie, la scène du crime reconstituée - Economie - TF1 .bin
    C:\Users\ib\AppData\Local\FLVService\Le Grand Journal - CANALPLUS.FR#pid3349-c-le-grand-journal.html_&_suid=134684552508609901240905.bin
    C:\Users\ib\AppData\Local\FLVService\Le Grand Journal - CANALPLUS.FR.bin
    C:\Users\ib\AppData\Local\FLVService\Les Français appelés à la vigilance dans une vingtaine de pays - 20minutes.fr.bin
    C:\Users\ib\AppData\Local\FLVService\Maurice chez Fogiel - Télé Dimanche - Canal plus - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\Maurice Skyrock 22 Heures reçoit Thierry Ardisson - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\Maurice Skyrock 22h_ Je vais t'enculer...!!! - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\Maurice Skyrock dans _Envoyé Spécial_ 1995 - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\Nature Shock_ When Killer Whales Attack - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\Nouvelle Volkswagen Golf 7 _ en vidéo officielle - News Automoto 2012 - MYTF1(2).bin
    C:\Users\ib\AppData\Local\FLVService\Nouvelle Volkswagen Golf 7 _ en vidéo officielle - News Automoto 2012 - MYTF1(3).bin
    C:\Users\ib\AppData\Local\FLVService\Nouvelle Volkswagen Golf 7 _ en vidéo officielle - News Automoto 2012 - MYTF1(4).bin
    C:\Users\ib\AppData\Local\FLVService\Nouvelle Volkswagen Golf 7 _ en vidéo officielle - News Automoto 2012 - MYTF1.bin
    C:\Users\ib\AppData\Local\FLVService\PIGLOO - Papa pingouin - Le bébé manchot - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\PSG _ Armand « On peut parler à Zlatan. Ce n'est pas un monstre » _ Transfert et actualité Foot.bin
    C:\Users\ib\AppData\Local\FLVService\Ricardinho - Nagoya Oceans - YouTube(2).bin
    C:\Users\ib\AppData\Local\FLVService\Ricardinho - Nagoya Oceans - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\SeaWorld releases video of 2006 killer whale attack - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\Sport _ toute l'actualité sportive sur l'EQUIPE (Match en direct, Football, Rugby, Tennis, Nba,.bin
    C:\Users\ib\AppData\Local\FLVService\Step Up (Final Dance Scene) - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\Steppin Final - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\Steppin_ The Movie full movie part 1 - YouTube(2).bin
    C:\Users\ib\AppData\Local\FLVService\Steppin_ The Movie full movie part 1 - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\Street Dance (The Film) - Final (Surge) - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\Street Dance - Candy Scene - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\The Famous Costa Rica Crocodile Pocho died 11 october 2011 in Siquirres - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\The Future in Dubai_ Sheik Mohammed's Vision - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\The Kingdom Tower & Tallest Skyscrapers Of The World - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\Tuerie de Chevaline _ le père identifié - Europe1.fr - Faits divers.bin
    C:\Users\ib\AppData\Local\FLVService\Tuerie en Haute-Savoie _ qui est la famille al-Hilli _ - Le Nouvel Observateur.bin
    C:\Users\ib\AppData\Local\FLVService\UAE Vision 2021 - TVC - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\Vertex Productions - Portfolio - Dubailand.bin
    C:\Users\ib\AppData\Local\FLVService\Vidéos - club de football LOGICA TOULOUSE FOOTBALL CLUB - Footeo(2).bin
    C:\Users\ib\AppData\Local\FLVService\Vidéos - club de football LOGICA TOULOUSE FOOTBALL CLUB - Footeo.bin
    C:\Users\ib\AppData\Local\FLVService\View from Atmosphere Lounge on the 123th Floor of Burj Khalifa - Dubai, UAE - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\Walter Zenga appeals Dh2,000 fine for calling reporter's question 'stupid' - The National.bin
    C:\Users\ib\AppData\Local\FLVService\Yahoo! France(2).bin
    C:\Users\ib\AppData\Local\FLVService\Yahoo! France(3).bin
    C:\Users\ib\AppData\Local\FLVService\Yahoo! France.bin
    C:\Users\ib\AppData\Local\FLVService\Zapping - CANALPLUS.FR#pid1830-c-zapping.html_&_suid=134703388097904486438777992079#pid1830-c-z.bin
    C:\Users\ib\AppData\Local\FLVService\Zapping - CANALPLUS.FR#pid1830-c-zapping.html_&_suid=134825117503409752298626293637#pid1830-c-z.bin
    C:\Users\ib\AppData\Local\FLVService\_Skyrock_ parle de banlieue part1 - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\_Skyrock_ parle de banlieue part2 - YouTube.bin
    C:\Users\ib\AppData\Local\FLVService\___ Pentominium The Defined Height Of Luxury ___.bin
    C:\Users\ib\AppData\Local\FLVService\À 73 ans, Raymond, patron du Montmartre, prend sa retraite - Caen - Faits de société - ouest-fr(2).bin
    C:\Users\ib\AppData\Local\FLVService\À 73 ans, Raymond, patron du Montmartre, prend sa retraite - Caen - Faits de société - ouest-fr.bin
    C:\Users\ib\Desktop\Downloads

    0
    1. innovator22 Messages postés 37 Statut Membre
       
      ok c'Est fait, ce fut très rapide, voici le rapport:

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script | 2.1009 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      ib : Windows 7 Professional (32 bits)

      Switchs : https://gen-hackman.kanak.fr/

      Script : 20:18:18

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      File restored : C:\Users\ib\AppData\Local\FLVService\#pid1830-c-zapping.html_&_suid=134703388097904486438777992079.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\#pid1830-c-zapping.html_vid=733861&_suid=1348251196301007150852750684705.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\#pid3349-c-le-grand-journal.html_&_suid=1346954408418017265821944313692(2).bin
      File restored : C:\Users\ib\AppData\Local\FLVService\#pid3349-c-le-grand-journal.html_&_suid=1346954408418017265821944313692.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\#pid4278-c-la-vie-autrement.html_sc_cmpid=FBCom&fb_comment_id=fbc_10150582155539503_22903805_10.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\(15 non lus) - elkhialys - Yahoo! Mail.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Accueil - CANALPLUS.FR(4).bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Best Goals FIFA Futsal World Cup 2008 - YouTube(2).bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Best Goals FIFA Futsal World Cup 2008 - YouTube(3).bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Best Goals FIFA Futsal World Cup 2008 - YouTube(4).bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Best Goals FIFA Futsal World Cup 2008 - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\EN DIRECT. Caricatures _ la police se déploie autour de la Mosquée de Paris.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Extrait Métastases - Le docteur M'Foudi - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Facebook(3).bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Facebook(4).bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Ferrari 458 Italia SOUND - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Foot - Bleus - Diaby vers un forfait.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Football _ Actu foot - foot en direct - resultat foot - mercato - L'Equipefr(2).bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Gallery_ Top 20 fastest selling car models.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Goldman Sachs partie 1 2012 09 04 - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Google Actualités.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\GulfTalent.com.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Hotmail - selkhialy@hotmail.fr(2).bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Hotmail - selkhialy@hotmail.fr.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\JEAN CHAREST se fait chanter Na Na Hey Hey Goodbye - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Killer Whale Attacks Unsuspecting Girl - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\L'inoubliable _mix_ de Forest Gump - Maurice Skyrock - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\La Rafle - Bande-annonce - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Le 20h avant l'heure _ Tuerie en Haute-Savoie, la scène du crime reconstituée - Economie - TF1 .bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Le Grand Journal - CANALPLUS.FR#pid3349-c-le-grand-journal.html_&_suid=134684552508609901240905.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Le Grand Journal - CANALPLUS.FR.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Les Français appelés à la vigilance dans une vingtaine de pays - 20minutes.fr.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Maurice chez Fogiel - Télé Dimanche - Canal plus - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Maurice Skyrock 22 Heures reçoit Thierry Ardisson - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Maurice Skyrock 22h_ Je vais t'enculer...!!! - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Maurice Skyrock dans _Envoyé Spécial_ 1995 - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Nature Shock_ When Killer Whales Attack - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Nouvelle Volkswagen Golf 7 _ en vidéo officielle - News Automoto 2012 - MYTF1(2).bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Nouvelle Volkswagen Golf 7 _ en vidéo officielle - News Automoto 2012 - MYTF1(3).bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Nouvelle Volkswagen Golf 7 _ en vidéo officielle - News Automoto 2012 - MYTF1(4).bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Nouvelle Volkswagen Golf 7 _ en vidéo officielle - News Automoto 2012 - MYTF1.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\PIGLOO - Papa pingouin - Le bébé manchot - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Ricardinho - Nagoya Oceans - YouTube(2).bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Ricardinho - Nagoya Oceans - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\SeaWorld releases video of 2006 killer whale attack - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Sport _ toute l'actualité sportive sur l'EQUIPE (Match en direct, Football, Rugby, Tennis, Nba,.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Step Up (Final Dance Scene) - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Steppin Final - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Steppin_ The Movie full movie part 1 - YouTube(2).bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Steppin_ The Movie full movie part 1 - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Street Dance (The Film) - Final (Surge) - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Street Dance - Candy Scene - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\The Famous Costa Rica Crocodile Pocho died 11 october 2011 in Siquirres - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\The Future in Dubai_ Sheik Mohammed's Vision - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\The Kingdom Tower & Tallest Skyscrapers Of The World - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Tuerie de Chevaline _ le père identifié - Europe1.fr - Faits divers.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Tuerie en Haute-Savoie _ qui est la famille al-Hilli _ - Le Nouvel Observateur.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\UAE Vision 2021 - TVC - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Vertex Productions - Portfolio - Dubailand.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Vidéos - club de football LOGICA TOULOUSE FOOTBALL CLUB - Footeo(2).bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Vidéos - club de football LOGICA TOULOUSE FOOTBALL CLUB - Footeo.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\View from Atmosphere Lounge on the 123th Floor of Burj Khalifa - Dubai, UAE - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Walter Zenga appeals Dh2,000 fine for calling reporter's question 'stupid' - The National.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Yahoo! France(2).bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Yahoo! France(3).bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Yahoo! France.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Zapping - CANALPLUS.FR#pid1830-c-zapping.html_&_suid=134703388097904486438777992079#pid1830-c-z.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\Zapping - CANALPLUS.FR#pid1830-c-zapping.html_&_suid=134825117503409752298626293637#pid1830-c-z.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\_Skyrock_ parle de banlieue part1 - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\_Skyrock_ parle de banlieue part2 - YouTube.bin
      File restored : C:\Users\ib\AppData\Local\FLVService\___ Pentominium The Defined Height Of Luxury ___.bin

      ¤
      0
  15. g3n-h@ckm@n
     
    bon tout est remis en place sauf les trois derniers...

    colle ca dans le script :

    command::
    move /y "C:\Pre_Scan\Quarantine\C'_Users_ib_Desktop_Downloads.P_S" "C:\Users\ib\Desktop\Downloads"
    If Exist "C:\Users\ib\Desktop\Downloads" then ( echo restoré >> %Homedrive%\Pre_script.txt ) else ( echo ...raté >> %Homedrive%\Pre_script.txt )

    0
    1. innovator22 Messages postés 37 Statut Membre
       
      Ok, c'est fait:

      Voici le rapport:

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script | 2.1009 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      ib : Windows 7 Professional (32 bits)

      Switchs : https://gen-hackman.kanak.fr/

      Script : 22:33:42

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      File Batch executé

      ¤


      Fin : 22:33:43

      ¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
      0
  16. g3n-h@ckm@n
     
    as-tu retrouvé ton dossier "Downloads" sur le bureau ?
    0
    1. innovator22 Messages postés 37 Statut Membre
       
      Non
      0
  17. g3n-h@ckm@n
     
    tu as selectionné le texte en une seule fois ou ligne par ligne ?
    0
    1. innovator22 Messages postés 37 Statut Membre
       
      En une seule fois, pourquoi?
      0
  18. g3n-h@ckm@n
     
    ok bon ben recupère-le il est dans la quarantaine de pre_scan si tu y tiens
    0
    1. innovator22 Messages postés 37 Statut Membre
       
      Ok, c'est fait, merci.
      Qu'est ce que je fais maintenant?
      0
  19. g3n-h@ckm@n
     
    refais une suppression avec adwcleaner voir
    0
    1. innovator22 Messages postés 37 Statut Membre
       
      Ok, voici le rapport:

      # AdwCleaner v2.004 - Logfile created 10/10/2012 at 00:07:07
      # Updated 06/10/2012 by Xplode
      # Operating system : Windows 7 Professional Service Pack 1 (32 bits)
      # User : ib - HP-4420S-IB
      # Boot Mode : Normal
      # Running from : C:\Users\ib\Downloads\adwcleaner.exe
      # Option [Delete]


      ***** [Services] *****


      ***** [Files / Folders] *****

      Folder Deleted : C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\ConduitCommon
      Folder Deleted : C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\CT1060933
      Folder Deleted : C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
      Folder Deleted : C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
      Folder Deleted : C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
      Folder Deleted : C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\crossriderapp2258@crossrider.com
      Folder Deleted : C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\Searchqutoolbar

      ***** [Registry] *****

      Key Deleted : HKCU\Software\Headlight

      ***** [Internet Browsers] *****

      -\\ Internet Explorer v9.0.8112.16421

      [OK] Registry is clean.

      -\\ Mozilla Firefox v15.0.1 (en-US)

      Profile name : default
      File : C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\prefs.js

      C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\user.js ... Deleted !

      Deleted : user_pref("CT1060933..clientLogIsEnabled", true);
      Deleted : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
      Deleted : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
      Deleted : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
      Deleted : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
      Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
      Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
      Deleted : user_pref("CT1060933.CTID", "CT1060933");
      Deleted : user_pref("CT1060933.CurrentServerDate", "11-5-2012");
      Deleted : user_pref("CT1060933.DSChangedManually", false);
      Deleted : user_pref("CT1060933.DSInstall", true);
      Deleted : user_pref("CT1060933.DSProtectChoice", true);
      Deleted : user_pref("CT1060933.DSProtectCount", 1);
      Deleted : user_pref("CT1060933.DialogsAlignMode", "LTR");
      Deleted : user_pref("CT1060933.DialogsGetterLastCheckTime", "Fri May 11 2012 13:57:19 GMT+0400 (Arabian Standa[...]
      Deleted : user_pref("CT1060933.DownloadReferralCookieData", "");
      Deleted : user_pref("CT1060933.FirstServerDate", "18-1-2012");
      Deleted : user_pref("CT1060933.FirstTime", true);
      Deleted : user_pref("CT1060933.FirstTimeFF3", true);
      Deleted : user_pref("CT1060933.FixPageNotFoundErrors", true);
      Deleted : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
      Deleted : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
      Deleted : user_pref("CT1060933.HPChangedManually", true);
      Deleted : user_pref("CT1060933.HPInstall", true);
      Deleted : user_pref("CT1060933.HPProtectChoice", true);
      Deleted : user_pref("CT1060933.HPProtectCount", 22);
      Deleted : user_pref("CT1060933.HasUserGlobalKeys", true);
      Deleted : user_pref("CT1060933.HomePageProtectorEnabled", false);
      Deleted : user_pref("CT1060933.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=[...]
      Deleted : user_pref("CT1060933.Initialize", true);
      Deleted : user_pref("CT1060933.InitializeCommonPrefs", true);
      Deleted : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
      Deleted : user_pref("CT1060933.InstallationId", "ConduitNSISIntegration");
      Deleted : user_pref("CT1060933.InstallationType", "ConduitXPEIntegration");
      Deleted : user_pref("CT1060933.InstalledDate", "Tue Jan 17 2012 23:07:29 GMT-0500 (Eastern Standard Time)");
      Deleted : user_pref("CT1060933.InvalidateCache", false);
      Deleted : user_pref("CT1060933.IsAlertDBUpdated", true);
      Deleted : user_pref("CT1060933.IsGrouping", false);
      Deleted : user_pref("CT1060933.IsInitSetupIni", true);
      Deleted : user_pref("CT1060933.IsMulticommunity", false);
      Deleted : user_pref("CT1060933.IsOpenThankYouPage", false);
      Deleted : user_pref("CT1060933.IsOpenUninstallPage", true);
      Deleted : user_pref("CT1060933.IsProtectorsInit", true);
      Deleted : user_pref("CT1060933.LanguagePackLastCheckTime", "Fri May 11 2012 13:57:18 GMT+0400 (Arabian Standar[...]
      Deleted : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
      Deleted : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
      Deleted : user_pref("CT1060933.LastLogin_3.12.2.3", "Sat May 12 2012 00:12:42 GMT+0400 (Arabian Standard Time)[...]
      Deleted : user_pref("CT1060933.LastLogin_3.9.0.3", "Thu May 03 2012 12:23:22 GMT+0400 (Arabian Standard Time)"[...]
      Deleted : user_pref("CT1060933.LatestVersion", "3.12.2.3");
      Deleted : user_pref("CT1060933.Locale", "en-us");
      Deleted : user_pref("CT1060933.MCDetectTooltipHeight", "83");
      Deleted : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
      Deleted : user_pref("CT1060933.MCDetectTooltipWidth", "295");
      Deleted : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);
      Deleted : user_pref("CT1060933.OriginalFirstVersion", "3.9.0.3");
      Deleted : user_pref("CT1060933.RadioIsPodcast", false);
      Deleted : user_pref("CT1060933.RadioLastCheckTime", "Fri May 11 2012 13:57:13 GMT+0400 (Arabian Standard Time)[...]
      Deleted : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
      Deleted : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
      Deleted : user_pref("CT1060933.RadioMediaID", "21504191");
      Deleted : user_pref("CT1060933.RadioMediaType", "Media Player");
      Deleted : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191");
      Deleted : user_pref("CT1060933.RadioShrinkedFromSetup", false);
      Deleted : user_pref("CT1060933.RadioStationName", "KFOG");
      Deleted : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM");
      Deleted : user_pref("CT1060933.SavedHomepage", "hxxp://www.searchqu.com/406");
      Deleted : user_pref("CT1060933.SearchCaption", "Freecorder Customized Web Search");
      Deleted : user_pref("CT1060933.SearchEngineBeforeUnload", "Freecorder Customized Web Search");
      Deleted : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
      Deleted : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]
      Deleted : user_pref("CT1060933.SearchInNewTabEnabled", true);
      Deleted : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
      Deleted : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Fri May 11 2012 13:57:07 GMT+0400 (Arabian Stand[...]
      Deleted : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
      Deleted : user_pref("CT1060933.SearchProtectorEnabled", true);
      Deleted : user_pref("CT1060933.SearchProtectorToolbarDisabled", false);
      Deleted : user_pref("CT1060933.SendProtectorDataViaLogin", true);
      Deleted : user_pref("CT1060933.ServiceMapLastCheckTime", "Fri May 11 2012 13:57:08 GMT+0400 (Arabian Standard [...]
      Deleted : user_pref("CT1060933.SettingsLastCheckTime", "Fri May 11 2012 13:57:04 GMT+0400 (Arabian Standard Ti[...]
      Deleted : user_pref("CT1060933.SettingsLastUpdate", "1330957254");
      Deleted : user_pref("CT1060933.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13");
      Deleted : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
      Deleted : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Thu May 03 2012 12:23:19 GMT+0400 (Arabian Sta[...]
      Deleted : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1312887586");
      Deleted : user_pref("CT1060933.ToolbarShrinkedFromSetup", false);
      Deleted : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");
      Deleted : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
      Deleted : user_pref("CT1060933.UserID", "UN99496689075077359");
      Deleted : user_pref("CT1060933.ValidationData_Toolbar", 2);
      Deleted : user_pref("CT1060933.alertChannelId", "15651");
      Deleted : user_pref("CT1060933.autoDisableScopes", -1);
      Deleted : user_pref("CT1060933.backendstorage.autocompletepro_enable", "31");
      Deleted : user_pref("CT1060933.backendstorage.autocompletepro_enable_auto", "31");
      Deleted : user_pref("CT1060933.backendstorage.cbcountry_000", "4652");
      Deleted : user_pref("CT1060933.backendstorage.cbfirsttime", "547565204A616E20313720323031322032333A30373A34312[...]
      Deleted : user_pref("CT1060933.backendstorage.printitgreenstatus", "74727565");
      Deleted : user_pref("CT1060933.backendstorage.shoppingapp.gk.exipres", "576564204D617920313620323031322031333A[...]
      Deleted : user_pref("CT1060933.backendstorage.shoppingapp.gk.geolocation", "756E69746564206172616220656D697261[...]
      Deleted : user_pref("CT1060933.backendstorage.undefined", "4672692046656220303320323031322031313A31343A3431204[...]
      Deleted : user_pref("CT1060933.backendstorage.url_history", "68747470733A2F2F636F6E6E6563742E696E73696768742E6[...]
      Deleted : user_pref("CT1060933.backendstorage.url_history0001", "687474703A2F2F66722E6D633239372E6D61696C2E796[...]
      Deleted : user_pref("CT1060933.backendstorage.url_history_time", "31333238313231313931333938");
      Deleted : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
      Deleted : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Thu May 03 2012 12:23:22 GMT+0400 (Arabian [...]
      Deleted : user_pref("CT1060933.homepageProtectorEnableByLogin", true);
      Deleted : user_pref("CT1060933.initDone", true);
      Deleted : user_pref("CT1060933.isAppTrackingManagerOn", true);
      Deleted : user_pref("CT1060933.isFirstRadioInstallation", false);
      Deleted : user_pref("CT1060933.myStuffEnabled", true);
      Deleted : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
      Deleted : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
      Deleted : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
      Deleted : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
      Deleted : user_pref("CT1060933.oldAppsList", "128346981843587669,128280995260143876,111,129272674122038321,129[...]
      Deleted : user_pref("CT1060933.revertSettingsEnabled", false);
      Deleted : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);
      Deleted : user_pref("CT1060933.searchProtectorEnableByLogin", true);
      Deleted : user_pref("CT1060933.testingCtid", "");
      Deleted : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Fri May 11 2012 13:57:19 GMT+0400 (Arabian S[...]
      Deleted : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Thu May 03 2012 12:23:22 GMT+0400 (Arabian S[...]
      Deleted : user_pref("CT1060933.usagesFlag", 2);
      Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1060933&Search[...]
      Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Freecorder Customized Web Search");
      Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
      Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/CA", "\"0\"");
      Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
      Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
      Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
      Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
      Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
      Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
      Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
      Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
      Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
      Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
      Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
      Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
      Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
      Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
      Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
      Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\ib\\AppData\\Roaming\\Mozilla\\Fire[...]
      Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
      Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.searchqu.com/web?src=ffb&appi[...]
      Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1060933");
      Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
      Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT1060933");
      Deleted : user_pref("CommunityToolbar.globalUserId", "1f7f1e33-7d13-4dc3-a424-1477d9675255");
      Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
      Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
      Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1060933");
      Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri May 11 2012 13:57:1[...]
      Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
      Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri May 11 2012 13:57:19 GMT+040[...]
      Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
      Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
      Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
      Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri May 11 2012 13:57:08 GMT+0400 (A[...]
      Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
      Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
      Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
      Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
      Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
      Deleted : user_pref("CommunityToolbar.notifications.userId", "8a50ed18-6ea7-4c60-9932-f3060d46c54f");
      Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.searchqu.com/406");
      Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Search the web (Babylon)");
      Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
      Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
      Deleted : user_pref("browser.search.defaultthis.engineName", "Freecorder Customized Web Search");
      Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
      Deleted : user_pref("browser.search.selectedEngine", "Freecorder Customized Web Search");
      Deleted : user_pref("extensions.BabylonToolbar.admin", false);
      Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
      Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
      Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110819&tt=050412_30b");
      Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 11);
      Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
      Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
      Deleted : user_pref("extensions.BabylonToolbar.id", "d82da84000000000000070f3955e3b80");
      Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15446");
      Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
      Deleted : user_pref("extensions.BabylonToolbar.lastDP", 11);
      Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.178:57:40");
      Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "10.0");
      Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
      Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
      Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
      Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
      Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 75290295);
      Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
      Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
      Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
      Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
      Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
      Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
      Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.178:57:40");
      Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
      Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
      Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
      Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819&tt=050412_30b");
      Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "d82da84000000000000070f3955e3b80");
      Deleted : user_pref("extensions.BabylonToolbar_i.id", "d82da84000000000000070f3955e3b80");
      Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15446");
      Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
      Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
      Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&tt=05041[...]
      Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
      Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
      Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
      Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
      Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
      Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
      Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.178:57:40");
      Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
      Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", true);
      Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1334559521);
      Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.searchUserConifrmation", false[...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setHomepage", false);
      Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setNewTab", false);
      Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setSearch", false);
      Deleted : user_pref("extensions.crossriderapp2258.2258.active", true);
      Deleted : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
      Deleted : user_pref("extensions.crossriderapp2258.2258.affid", "0");
      Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n_GPL_PID = 21;\nfunction parse_url([...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundver", 8);
      Deleted : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);
      Deleted : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
      Deleted : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
      Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1334559521");
      Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.value", "%7B%22source_id%22%3A%2[...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1334559521");
      Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1336824523");
      Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.expiration", "Fri May 18 2012 13:58:13 [...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.value", "%7B%22geoplugin_request%22%3A%[...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
      Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2220646%22");
      Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%221112%22");
      Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2230570%22");
      Deleted : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
      Deleted : user_pref("extensions.crossriderapp2258.2258.domain", "");
      Deleted : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
      Deleted : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
      Deleted : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
      Deleted : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
      Deleted : user_pref("extensions.crossriderapp2258.2258.group", 0);
      Deleted : user_pref("extensions.crossriderapp2258.2258.homepage", "");
      Deleted : user_pref("extensions.crossriderapp2258.2258.iframe", false);
      Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\n\nvar _GPL_PID=21;\n(function(a){a.geoplugin=fu[...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
      Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
      Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", "");
      Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
      Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(c){c.selectedText=f[...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
      Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 1);
      Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "\"undefined\"===typeof appAPI[...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
      Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 1);
      Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(e){function u(c,b){[...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
      Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
      Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(b,a){function i(){v[...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
      Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 1);
      Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "var $$jquery;\n(function(l,n)[...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
      Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 1);
      Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16");
      Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15");
      Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
      Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 2);
      Deleted : user_pref("extensions.crossriderapp2258.2258.premium", true);
      Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
      Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
      Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
      Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
      Deleted : user_pref("extensions.crossriderapp2258.2258.thankyou", "hxxp://iw.antthis.com/thankyou.html");
      Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
      Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 53);
      Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
      Deleted : user_pref("extensions.crossriderapp2258.apps", "2258");
      Deleted : user_pref("extensions.crossriderapp2258.bic", "13711cbe59ba8bf82424c19227c27029");
      Deleted : user_pref("extensions.crossriderapp2258.cid", 2258);
      Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
      Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
      Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1336033405);
      Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22279479);
      Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22279493);
      Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1336769557878");
      Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1336769557859");

      -\\ Google Chrome v [Unable to get version]

      File : C:\Users\ib\AppData\Local\Google\Chrome\User Data\Default\Preferences

      [OK] File is clean.

      *************************

      AdwCleaner[R1].txt - [17404 octets] - [08/10/2012 02:57:18]
      AdwCleaner[S2].txt - [17296 octets] - [08/10/2012 03:00:28]
      AdwCleaner[S3].txt - [27562 octets] - [10/10/2012 00:07:07]

      ########## EOF - C:\AdwCleaner[S3].txt - [27623 octets] ##########
      0
  20. g3n-h@ckm@n
     
    looooooool mais tu fais quoi avec ton pc ??????
    0
    1. innovator22 Messages postés 37 Statut Membre
       
      Lol, Pourquoi?? Je vais sur internet principalement, sites sportifs youtube. Des films en streaming aussi (pas de téléchargement) ou il y a enormément de pubs, peut etre je me suis fait infecté comme ca
      Je vais un peu sur internet en ce moment, est ce que je dois éviter totalement avant la fin de la procédure?
      0
  21. g3n-h@ckm@n
     
    le streaming est le meilleur moyen de se faire infecter alors pendant la procedure pas de streaming
    0
    1. innovator22 Messages postés 37 Statut Membre
       
      Pas de problèmes, je retiens. Quelle est la suite?
      Merci
      0
  • 1
  • 2