Recovery file to remove

Solved/Closed
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013 - 7 Oct. 2012 at 15:29
 Anonymous user - 10 Oct. 2012 at 23:43
Hello,

I followed the steps described by Smart91 up to the ZHPDiag diagnostic step
(https://forums.commentcamarche.net/forum/affich-25172750-smart-repair)
Here is my ZHPDiag report:
https://pjjoint.malekal.com/files.php?id=ZHPDiag_20121007_t13j12q10x10u11
Can someone help me finish? I have recovered my documents and I no longer get the pop-up telling me that my disk is infested, but I still have the black screen as my wallpaper, and in normal mode my PC systematically shuts down after 4 or 5 minutes (the fan runs at full speed just before the PC suddenly shuts off). So I think the virus has not been completely removed, or else I have other problems that I don't know about...
Thank you for your help.

23 replies

Hello,

OK. Post all the reports (MBAM, etc.) that you have made.
0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
7 Oct. 2012 at 23:38
I only made one report, and in safe mode with networking, because otherwise the PC shuts down and the scan doesn't run:

Malwarebytes Anti-Malware (Essai) 1.65.0.1400
www.malwarebytes.org

Version de la base de données: v2012.10.07.02

Windows 7 Service Pack 1 x86 NTFS (Mode sans échec/Réseau)
Internet Explorer 9.0.8112.16421
ib :: HP-4420S-IB [administrateur]

Protection: Désactivé

07/10/2012 3:12:28 PM
mbam-log-2012-10-07 (15-12-28).txt

Type d'examen: Examen complet (C:\|F:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 590700
Temps écoulé: 1 heure(s), 11 minute(s), 8 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 37

Valeur(s) du Registre détectée(s): 6
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Données: -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Données: 1 -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Données: -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Données: 2 -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Données: http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Données: 215 Apps -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Mauvais: (http://www.helpmeopen.com/?n=app&ext=%s) Bon: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Mis en quarantaine et réparé avec succès

Dossier(s) détecté(s): 12
C:\Program Files\I Want This (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\ShoppingReport2 (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\ShoppingReport2\Bin (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\ShoppingReport2\Bin\2.7.34 (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64} (Adware.ScanQuery) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome (Adware.ScanQuery) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults (Adware.ScanQuery) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults\preferences (Adware.ScanQuery) -> Mis en quarantaine et supprimé avec succès.
C:\Users\ib\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
C:\Users\ib\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
C:\Users\ib\AppData\Local\I Want This (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
C:\Users\ib\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.

Fichier(s) détecté(s): 21
C:\Program Files\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\I Want This\I Want This.exe (Adware.GamePlayLabs) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\I Want This\I Want ThisGui.exe (Adware.GamePlayLabs) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\ShoppingReport2\Uninst.exe (Adware.ShoppingReports2) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\cbWBqvdjur.exe (Trojan.FakeAlert) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\RTPtr9uwR4dBwM.exe (Trojan.FakeAlert) -> Mis en quarantaine et supprimé avec succès.
C:\Users\ib\AppData\Local\Temp\is1373634743\IWantThis_ROW.exe (Adware.GamePlayLabs) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\I Want This\I Want This.ini (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\I Want This\appAPIinternalWrapper.js (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\I Want This\fb.js (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\I Want This\I Want This.ico (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\I Want This\jquery.js (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\I Want This\json.js (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome.manifest (Adware.ScanQuery) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\install.rdf (Adware.ScanQuery) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome\scanquery.jar (Adware.ScanQuery) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults\preferences\prefs.js (Adware.ScanQuery) -> Mis en quarantaine et supprimé avec succès.
C:\Users\ib\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
C:\Users\ib\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.

(fin)


Thanks
0
Anonymous user
7 Oct. 2012 at 23:46
Good evening,


Download and save AdwCleaner to your desktop:

ADWCleaner https://toolslib.net (Thanks to Xplode)

Run it,

(For Vista and Seven => right-click "Run as administrator")

click on Delete and post its report

Adblock Plus https://www.commentcamarche.net/telecharger/web-internet/25023-adblock-plus/ is an add-on for Firefox; it works very well
0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
8 Oct. 2012 at 01:08
Here is the report:

# AdwCleaner v2.004 - Logfile created 10/08/2012 at 03:00:28
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : ib - HP-4420S-IB
# Boot Mode : Normal
# Running from : C:\Users\ib\Downloads\adwcleaner (2).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
File Deleted : C:\user.js
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\Complitly
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DealPly
Folder Deleted : C:\Program Files\Freecorder
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\Program Files\Windows iLivid Toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Folder Deleted : C:\Users\ib\AppData\Local\Babylon
Folder Deleted : C:\Users\ib\AppData\Local\Conduit
Folder Deleted : C:\Users\ib\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
Folder Deleted : C:\Users\ib\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Folder Deleted : C:\Users\ib\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\ib\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\ib\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\ib\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\ib\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\ib\AppData\LocalLow\Freecorder
Folder Deleted : C:\Users\ib\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\ib\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\ib\AppData\LocalLow\ShoppingReport2
Folder Deleted : C:\Users\ib\AppData\Roaming\Babylon
Folder Deleted : C:\Users\ib\AppData\Roaming\Complitly
Folder Deleted : C:\Users\ib\Documents\Freecorder
Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\ib\AppData\Local\Google\Chrome\User Data\Default\Preferences
0
Anonymous user
8 Oct. 2012 at 01:36
@juju666 > I'll let you take over!

@innovator22 > an authorized helper will surely stop by here; he
will take over.

Good night
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 795
8 Oct. 2012 at 08:33
Hello,

If that is what fraci13 wishes ...

Download it here: OTL

Save it to your Desktop.

if you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as...."


on OTL.exe to launch it.

=> Click here to see the configuration

▶ Copy and paste the content that follows in bold into the lower part of OTL, "Personnalisation" (Customization)

/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
netsvcs
safebootminimal
safebootnetwork
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.ini
%systemroot%\Tasks\*.*
%systemroot%\system32\Tasks\*.*
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\config\*.exe /s
%systemroot%\system32\*.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
CREATERESTOREPOINT


▶ Click on "Analyse" (Scan).

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\your_session_name\<Bureau or Desktop>\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM (it is too long)

Host OTL.txt and extra.txt on FEC Upload and give the links you get in return
0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
8 Oct. 2012 at 11:10
Hello,

Here are the links:
- OTL report: https://forums-fec.be/upload/www/?a=d&i=9829740335
- Extras report: https://forums-fec.be/upload/www/?a=d&i=9013856534


Thanks.
0

juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 795
8 Oct. 2012 at 11:41
WARNING!!! Script customized for this machine only, do not reproduce!!

if you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as...."


on OTL.exe to launch it.


▶ Copy the list in bold below and paste it into the box under "Personnalisation" (Customization):


:OTL
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..keyword.URL: "http://www1.search-results.com/web?l=dis&q=&o=APN10645&apn_dtid=%5EBND406%5EYY%5EFR&shad=s_0043&gct=ds&apn_ptnrs=%5EAG6&d=406-102&lang=en&atb=sysid%3D406%3Aappid%3D102%3Auid%3D2e8ae18d63404f14%3Asrc%3Dffb%3Ao%3DAPN10645%3Atg%3D&p2=%5EAG6%5EBND406%5EYY%5EFR"
[2011/10/25 04:59:43 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/04/16 10:58:51 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\ffxtlbr@babylon.com
MOD - [2011/09/27 21:10:41 | 001,236,368 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll
[2011/01/29 04:46:28 | 000,001,849 | ---- | C] () -- C:\Users\ib\AppData\Roaming\GhostObjGAFix.xml
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
[2012/04/16 10:58:51 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012/01/05 23:03:18 | 000,000,923 | ---- | M] () -- C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\searchplugins\conduit.xml
[2011/10/25 04:59:39 | 000,002,520 | ---- | M] () -- C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\searchplugins\SearchResults.xml
[2010/09/05 03:33:10 | 000,003,806 | ---- | M] () -- C:\windows\system32\Tasks\Scheduled Update for Ask Toolbar

:Commands
[EMPTYTEMP]


▶ Click "Correction" to start the removal.


▶ Post the report, which should open by itself at the end of the job after the restart.

0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
8 Oct 2012 at 12:56
OK,

Here is the report:

All processes killed
========== OTL ==========
Prefs.js: "http://www.searchnu.com/406" removed from browser.startup.homepage
Prefs.js: "http://www1.search-results.com/web?l=dis&q=&o=APN10645&apn_dtid=%5EBND406%5EYY%5EFR&shad=s_0043&gct=ds&apn_ptnrs=%5EAG6&d=406-102&lang=en&atb=sysid%3D406%3Aappid%3D102%3Auid%3D2e8ae18d63404f14%3Asrc%3Dffb%3Ao%3DAPN10645%3Atg%3D&p2=%5EAG6%5EBND406%5EYY%5EFR" removed from keyword.URL
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\ib\AppData\Roaming\GhostObjGAFix.xml moved successfully.
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\searchplugins\conduit.xml moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\searchplugins\SearchResults.xml moved successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ib
->Temp folder emptied: 51878640 bytes
->Temporary Internet Files folder emptied: 140058223 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 47708102 bytes
->Google Chrome cache emptied: 12025024 bytes
->Flash cache emptied: 39405 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1460152 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 218671700 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 13235194 bytes

Total Files Cleaned = 463.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10082012_144835

Files\Folders moved on Reboot...
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
0
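An added example, not part of the thread and not OTL's own code: a small Python check that reconciles each entry of the `:OTL` fix script with the lines of the resulting log, so that entries the log never mentions stand out. The function names and the status labels are assumptions made for this example; the sample lines are excerpts copied from the two posts above. On this excerpt it reports no matching log line for the `datamngr.dll` module entry and only a sub-folder for the DealPly extension.

```python
import re

# Excerpts copied from the thread: part of the ":OTL" fix script and part of the
# log OTL wrote after the fix (long URLs and most sub-folder lines are omitted).
FIX_SCRIPT = r'''
:OTL
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
[2011/10/25 04:59:43 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
MOD - [2011/09/27 21:10:41 | 001,236,368 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll
[2011/01/29 04:46:28 | 000,001,849 | ---- | C] () -- C:\Users\ib\AppData\Roaming\GhostObjGAFix.xml
[2012/04/16 10:58:51 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2010/09/05 03:33:10 | 000,003,806 | ---- | M] () -- C:\windows\system32\Tasks\Scheduled Update for Ask Toolbar

:Commands
[EMPTYTEMP]
'''

FIX_LOG = r'''
========== OTL ==========
Prefs.js: "http://www.searchnu.com/406" removed from browser.startup.homepage
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
C:\Users\ib\AppData\Roaming\GhostObjGAFix.xml moved successfully.
C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar moved successfully.
========== COMMANDS ==========
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
'''

# Script side: Firefox preference entries and "[date | size | attr] (vendor) -- path" entries.
PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<key>[\w.]+): "(?P<value>.*)"$')
PATH_RE = re.compile(r'^(?:\w+ - )?\[[^\]]*\] \([^)]*\) -- (?P<path>.+)$')
# Log side: the three line shapes that appear in the posted report.
LOG_PREF_RE = re.compile(r'^Prefs\.js: "(?P<value>.*)" removed from (?P<key>[\w.]+)$')
LOG_MOVE_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$')
LOG_FAIL_RE = re.compile(r'^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$')


def parse_script(text):
    """Return the entries of the :OTL section; other sections (:Commands) are skipped."""
    items, in_otl = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith(":"):
            in_otl = line.upper() == ":OTL"
        elif in_otl and line:
            pref, path = PREF_RE.match(line), PATH_RE.match(line)
            if pref:
                items.append(("pref", pref["key"], pref["value"]))
            elif path:
                items.append(("path", path["path"]))
            else:
                items.append(("unparsed", line))
    return items


def parse_log(text):
    """Collect removed prefs, moved paths and moves deferred to reboot (paths lower-cased)."""
    log = {"prefs": set(), "moved": set(), "deferred": set()}
    for line in map(str.strip, text.splitlines()):
        if m := LOG_PREF_RE.match(line):
            log["prefs"].add((m["key"], m["value"]))
        elif m := LOG_FAIL_RE.match(line):
            log["deferred"].add(m["path"].lower())
        elif m := LOG_MOVE_RE.match(line):
            log["moved"].add(m["path"].lower())
    return log


def reconcile(script_text, log_text):
    """Return [(status, entry)] with status done / deferred / partial / missing / unparsed."""
    log, report = parse_log(log_text), []
    for item in parse_script(script_text):
        if item[0] == "pref":
            label = item[1]
            status = "done" if (item[1], item[2]) in log["prefs"] else "missing"
        elif item[0] == "path":
            label, wanted = item[1], item[1].lower()   # Windows paths: compare case-insensitively
            if wanted in log["moved"]:
                status = "done"
            elif wanted in log["deferred"]:
                status = "deferred"
            elif any(p.startswith(wanted + "\\") for p in log["moved"]):
                status = "partial"                      # only something below the target was logged
            else:
                status = "missing"                      # the log never mentions this entry
        else:
            label, status = item[1], "unparsed"
        report.append((status, label))
    return report


if __name__ == "__main__":
    for status, label in reconcile(FIX_SCRIPT, FIX_LOG):
        print(f"{status:9} {label}")
```

Entries reported as `missing` or `partial` are the ones to look for again in the next scan report before treating the fix as complete.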
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 795
8 Oct 2012 at 13:19
Good.

Give me a rundown of the remaining problems.
0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
8 Oct 2012 at 13:45
OK, so:
- The Avast antivirus tells me every minute that a malicious URL has been blocked
Processus: C:\windows\Explorer.EXE
It talks about Explorer but I use Firefox. Should I change antivirus?
- For several months there has been a Java update I want to install that fails every time; I don't understand why.

Otherwise, the fan runs less and it seems the PC no longer shuts down after a few minutes.

I read on other forums that you have to disable the restore points and create a new one so that the virus does not stay in those restore points? Should I do that? How do I do it?

Also, it seems to be recommended to have the latest updates of Java, Flash, etc. Can you give safe links for doing the updates?

I don't see anything else for the moment.

Thanks again.
0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
8 Oct 2012 at 13:52
One more thing,

Should I delete RogueKiller, ZHPDiag etc. and all the reports?
Thanks
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 795
8 Oct 2012 at 14:06
We'll take care of that at the end. Run ComboFix for now!
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 795
8 Oct 2012 at 13:47
In fact explorer.exe is your Windows Explorer.
It must have been infected.
We're going to repair it.

As for Java, we'll deal with it afterwards.

Do this:


▶ Right-click and "Save target (link) as" -> yourfirstname.exe -> destination your Desktop (AND NOWHERE ELSE) on the following link: ComboFix

Close the windows of all running programs.
Temporarily disable, and only for the time ComboFix is in use, the real-time protection of your antivirus and your antispyware tools, which can seriously interfere with the tool's search and cleaning procedure.



If you have XP => double-click
If you have Vista or Windows 7 => right-click, "Run as...."


on the renamed ComboFix

If you are on Windows XP, let it install the Recovery Console.

▶ Don't touch anything during the scan

ComboFix should restart your PC.

▶ Don't forget to re-enable the protection of your antivirus and your antispyware tools before reconnecting to the internet.

▶▶ Come back to the forum, and copy and paste the entire content of C:\Combofix.txt into your next message.


▶▶▶ If, after ComboFix restarts your PC, you get "Clé marquée pour suppression" errors or internet connection problems, restart your computer again

0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
8 Oct 2012 at 14:15
There also seems to be an error with Firefox, because I get the same Avast alert with Processus: C:\Program Files\Mozilla Firefox!firefox.exe.

Otherwise, I can't download ComboFix (the link it points to, http://download.bleepingcomputer.com/sUBs/ComboFix.exe, is blocked by the provider's filter... I am in the United Arab Emirates)
So I went on Google and to this site, I started downloading and realised it looked like a fake: www.combofix.org
What do I do?
Thanks
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 795
8 Oct 2012 at 14:47
Turn off Avast!: right-click its icon in the taskbar -> disable all shields -> until the next restart

Then, under additional protection, also turn off the autosandbox, which is a pain in the a$s ^^

===========

combofix.org is a fake, I have hosted it for you here: https://forums-fec.be/tools/innovator22.exe
0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
8 Oct 2012 at 16:38
Here it is:

ComboFix 12-10-08.01 - ib 08/10/2012 17:20:09.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.2991.1760 [GMT 4:00]
Running from: c:\users\ib\Desktop\innovator22.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\TelevisionFanaticEI
c:\programdata\RTPtr9uwR4dBwM
C:\Thumbs.db
c:\users\ib\AppData\Roaming\Local
c:\users\ib\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\ib\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\ib\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\ib\AppData\Roaming\Local\Temp\DDM\Settings\Les.Portes.De.La.Gloire.DVDRip.XViD.by francescao.avi.ddr
c:\users\ib\AppData\Roaming\Local\Temp\DDM\Settings\Les.Portes.de.la.Gloire.WaWa.avi.ddr
c:\users\ib\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\users\ib\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\ib\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Les.Portes.De.La.Gloire.DVDRip.XViD.by francescao.avi
c:\users\ib\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Les.Portes.de.la.Gloire.WaWa.avi.ddp
c:\users\ib\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
c:\users\ib\Documents\~WRL0001.tmp
c:\users\ib\Documents\~WRL0005.tmp
c:\users\ib\Documents\~WRL1227.tmp
c:\users\ib\Documents\~WRL3798.tmp
c:\windows\iun6002.exe
c:\windows\system32\pt
c:\windows\system32\pt\DPCont32.dll.mui
c:\windows\system32\pt\DPCrProv.dll.mui
c:\windows\system32\pt\DPFPApiUI.dll.mui
c:\windows\system32\pt\DPPassFilter.dll.mui
.
.
((((((((((((((((((((((((( Files Created from 2012-09-08 to 2012-10-08 )))))))))))))))))))))))))))))))
.
.
2012-10-08 14:05 . 2012-10-08 14:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-08 13:01 . 2012-10-08 13:01 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3652ADA-F9C1-4949-8CD2-AB235E1C694A}\offreg.dll
2012-10-08 12:07 . 2012-10-08 12:08 -------- d-----w- c:\programdata\Max Secure
2012-10-08 12:04 . 2012-10-08 12:04 -------- d-----w- c:\users\ib\AppData\Local\Max Secure Software
2012-10-08 12:02 . 2012-10-08 12:02 -------- d-----w- c:\users\ib\AppData\Roaming\GetRightToGo
2012-10-08 10:48 . 2012-10-08 10:48 -------- d-----w- C:\_OTL
2012-10-08 08:43 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3652ADA-F9C1-4949-8CD2-AB235E1C694A}\mpengine.dll
2012-10-07 12:54 . 2012-10-07 13:36 -------- d-----w- C:\ZHP
2012-10-07 12:54 . 2012-10-07 13:32 -------- d-----w- c:\program files\ZHPDiag
2012-10-07 11:11 . 2012-10-07 11:11 -------- d-----w- c:\users\ib\AppData\Roaming\Malwarebytes
2012-10-07 11:11 . 2012-10-07 11:11 -------- d-----w- c:\programdata\Malwarebytes
2012-10-07 11:11 . 2012-10-07 11:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-07 10:35 . 2012-10-07 10:36 -------- d-----w- C:\7ef52122b874919de198bef501d88d
2012-10-03 14:46 . 2012-10-03 14:46 -------- d-----w- c:\users\ib\AppData\Local\ElevatedDiagnostics
2012-10-03 11:03 . 2012-06-22 07:39 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-10-03 11:03 . 2012-06-22 07:38 767960 ----a-w- c:\windows\BDTSupport.dll
2012-10-03 11:03 . 2012-06-22 07:39 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-10-03 11:03 . 2012-06-22 07:39 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-10-03 11:03 . 2012-06-22 07:39 1689560 ----a-w- c:\windows\PCTBDRes.dll
2012-10-03 11:00 . 2012-10-03 11:00 -------- d-----w- c:\program files\PC Tools
2012-10-03 10:56 . 2012-06-22 11:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-10-03 10:56 . 2012-10-07 22:48 -------- d-----w- c:\program files\Common Files\PC Tools
2012-10-03 09:57 . 2012-10-03 09:57 -------- d-----w- c:\program files\Enigma Software Group
2012-10-03 09:57 . 2012-10-03 09:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-10-03 09:47 . 2012-10-07 22:39 -------- d-----w- c:\programdata\PC Tools
2012-10-03 09:47 . 2012-10-03 09:47 -------- d-----w- c:\users\ib\AppData\Roaming\TestApp
2012-09-26 08:23 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-23 10:07 . 2012-08-24 06:51 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-09-12 08:10 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 08:10 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 08:10 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2012-09-12 08:09 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 08:09 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 08:09 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 08:09 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-07 13:42 . 2011-11-11 00:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-21 14:52 . 2012-04-07 13:54 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 14:52 . 2011-12-03 03:30 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-21 09:13 . 2011-06-20 11:24 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2010-08-23 12:20 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2010-08-23 12:20 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-04-08 23:51 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2010-08-23 12:20 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2010-08-23 12:20 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2010-08-23 12:20 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2010-08-23 12:20 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-18 17:47 . 2012-08-15 11:48 2345984 ----a-w- c:\windows\system32\win32k.sys
2010-10-12 21:33 . 2010-10-12 21:33 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-10-12 23:15 . 2010-10-12 23:15 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-10-12 21:37 . 2010-10-12 21:37 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-10-12 21:35 . 2010-10-12 21:35 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-10-12 21:34 . 2010-10-12 21:34 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-10-12 21:32 . 2010-10-12 21:32 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-10-12 21:35 . 2010-10-12 21:35 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-10-12 21:34 . 2010-10-12 21:34 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-07-14 17:42 . 2010-07-14 17:42 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-10-12 21:37 . 2010-10-12 21:37 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-09-12 16:11 . 2012-04-17 18:16 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\ib\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\ib\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\ib\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-25 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"FreeAC"="c:\program files\FreeAlarmClock\FreeAlarmClock.exe" [2011-02-17 1347912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-10-23 563736]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-14 1721640]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-17 495708]
"DTRun"="c:\program files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2009-11-19 518656]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Athan"="c:\program files\Athan\Athan.exe" [2011-11-20 1204224]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-17 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-17 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-17 176408]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-09-12 14904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2012-06-28 365512]
.
c:\users\ib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ib\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-11-17 21:39 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\SEARCH~1\datamngr.dll c:\progra~1\SEARCH~1\SEARCH~1\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R1 buyjhitc;buyjhitc;c:\windows\system32\drivers\buyjhitc.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\aestsrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 14:52]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 13:47]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 13:47]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4099513575-3542663224-1003661492-1003Core.job
- c:\users\ib\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27 23:30]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4099513575-3542663224-1003661492-1003UA.job
- c:\users\ib\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27 23:30]
.
2012-09-29 c:\windows\Tasks\HPCeeScheduleForib.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.100 192.168.1.100
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - d82da84000000000000070f3955e3b80
FF - user.js: extensions.BabylonToolbar_i.hardId - d82da84000000000000070f3955e3b80
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15446
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:57
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.dealply.partner', 'iron');
user_pref('extensions.dealply.channel', 'iron3');
user_pref('extensions.dealply.installId', 'v23600289160359708527922012041608584121');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '1');
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKLM-Run-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
AddRemove-Athan - c:\windows\iun6002.exe
AddRemove-Freecorder5.11 - c:\program files\Freecorder\uninstall.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-PDF Creator - c:\program\uninstpw.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(684)
c:\windows\system32\DPFPApi.DLL
.
Completion time: 2012-10-08 18:28:13
ComboFix-quarantined-files.txt 2012-10-08 14:28
.
Pre-Run: 206,511,542,272 bytes free
Post-Run: 206,417,240,064 bytes free
.
- - End Of File - - 66CF92AFCCE7DBE3BE41D9E7DD2026C4
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 795
8 Oct. 2012 at 16:49
Uninstall Max Secure


__________________________________________________
=>/!\ The script below was written specifically for this computer /!\<=
=> using it on another computer is strongly discouraged! <=
----------------------------------------------------------------------------


Still with all protections disabled, do the following:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy and paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------

KillAll::

ClearJavaCache::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

Driver::
buyjhitc

Rootkit::
c:\windows\system32\drivers\buyjhitc.sys

Firefox::
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - d82da84000000000000070f3955e3b80
FF - user.js: extensions.BabylonToolbar_i.hardId - d82da84000000000000070f3955e3b80
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15446
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:57
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.dealply.partner', 'iron');
user_pref('extensions.dealply.channel', 'iron3');
user_pref('extensions.dealply.installId', 'v23600289160359708527922012041608584121');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '1');

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]


------------------------------------------------------------------

▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the combofix file like this: Illustration

▶ Wait while the scan runs. The Desktop will disappear several times: this is normal! Don't touch anything until the scan is finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file does not open, it can be found here => C:\ComboFix.txt



0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
8 Oct. 2012 at 20:27
Here is the report; I ran it in safe mode with networking because otherwise the PC shuts down and the scan does not run:

ComboFix 12-10-08.02 - ib 08/10/2012 21:17:14.4.4 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.2991.2408 [GMT 4:00]
Running from: c:\users\ib\Desktop\innovator22.exe
Command switches used :: c:\users\ib\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_buyjhitc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-08 to 2012-10-08 )))))))))))))))))))))))))))))))
.
.
2012-10-08 17:56 . 2012-10-08 17:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-08 14:41 . 2012-10-08 18:01 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3652ADA-F9C1-4949-8CD2-AB235E1C694A}\offreg.dll
2012-10-08 13:10 . 2012-10-08 14:29 -------- d-----w- C:\innovator22
2012-10-08 12:07 . 2012-10-08 12:08 -------- d-----w- c:\programdata\Max Secure
2012-10-08 12:04 . 2012-10-08 12:04 -------- d-----w- c:\users\ib\AppData\Local\Max Secure Software
2012-10-08 12:02 . 2012-10-08 12:02 -------- d-----w- c:\users\ib\AppData\Roaming\GetRightToGo
2012-10-08 10:48 . 2012-10-08 10:48 -------- d-----w- C:\_OTL
2012-10-08 08:43 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3652ADA-F9C1-4949-8CD2-AB235E1C694A}\mpengine.dll
2012-10-07 12:54 . 2012-10-07 13:36 -------- d-----w- C:\ZHP
2012-10-07 12:54 . 2012-10-07 13:32 -------- d-----w- c:\program files\ZHPDiag
2012-10-07 11:11 . 2012-10-07 11:11 -------- d-----w- c:\users\ib\AppData\Roaming\Malwarebytes
2012-10-07 11:11 . 2012-10-07 11:11 -------- d-----w- c:\programdata\Malwarebytes
2012-10-07 11:11 . 2012-10-07 11:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-07 10:35 . 2012-10-07 10:36 -------- d-----w- C:\7ef52122b874919de198bef501d88d
2012-10-03 14:46 . 2012-10-03 14:46 -------- d-----w- c:\users\ib\AppData\Local\ElevatedDiagnostics
2012-10-03 11:03 . 2012-06-22 07:39 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-10-03 11:03 . 2012-06-22 07:38 767960 ----a-w- c:\windows\BDTSupport.dll
2012-10-03 11:03 . 2012-06-22 07:39 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-10-03 11:03 . 2012-06-22 07:39 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-10-03 11:03 . 2012-06-22 07:39 1689560 ----a-w- c:\windows\PCTBDRes.dll
2012-10-03 11:00 . 2012-10-03 11:00 -------- d-----w- c:\program files\PC Tools
2012-10-03 10:56 . 2012-06-22 11:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-10-03 10:56 . 2012-10-07 22:48 -------- d-----w- c:\program files\Common Files\PC Tools
2012-10-03 09:57 . 2012-10-03 09:57 -------- d-----w- c:\program files\Enigma Software Group
2012-10-03 09:57 . 2012-10-03 09:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-10-03 09:47 . 2012-10-07 22:39 -------- d-----w- c:\programdata\PC Tools
2012-10-03 09:47 . 2012-10-03 09:47 -------- d-----w- c:\users\ib\AppData\Roaming\TestApp
2012-09-26 08:23 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-23 10:07 . 2012-08-24 06:51 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-09-12 08:10 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 08:10 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 08:10 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2012-09-12 08:09 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 08:09 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 08:09 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 08:09 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-07 13:42 . 2011-11-11 00:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-21 14:52 . 2012-04-07 13:54 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 14:52 . 2011-12-03 03:30 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-21 09:13 . 2011-06-20 11:24 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2010-08-23 12:20 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2010-08-23 12:20 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-04-08 23:51 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2010-08-23 12:20 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2010-08-23 12:20 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2010-08-23 12:20 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2010-08-23 12:20 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-18 17:47 . 2012-08-15 11:48 2345984 ----a-w- c:\windows\system32\win32k.sys
2010-10-12 21:33 . 2010-10-12 21:33 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-10-12 23:15 . 2010-10-12 23:15 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-10-12 21:37 . 2010-10-12 21:37 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-10-12 21:35 . 2010-10-12 21:35 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-10-12 21:34 . 2010-10-12 21:34 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-10-12 21:32 . 2010-10-12 21:32 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-10-12 21:35 . 2010-10-12 21:35 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-10-12 21:34 . 2010-10-12 21:34 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-07-14 17:42 . 2010-07-14 17:42 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-10-12 21:37 . 2010-10-12 21:37 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-09-12 16:11 . 2012-04-17 18:16 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\ib\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\ib\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\ib\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-25 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"FreeAC"="c:\program files\FreeAlarmClock\FreeAlarmClock.exe" [2011-02-17 1347912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-10-23 563736]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-14 1721640]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-17 495708]
"DTRun"="c:\program files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2009-11-19 518656]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Athan"="c:\program files\Athan\Athan.exe" [2011-11-20 1204224]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-17 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-17 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-17 176408]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-09-12 14904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2012-06-28 365512]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
.
c:\users\ib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ib\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-11-17 21:39 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\aestsrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 14:52]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 13:47]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 13:47]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4099513575-3542663224-1003661492-1003Core.job
- c:\users\ib\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27 23:30]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4099513575-3542663224-1003661492-1003UA.job
- c:\users\ib\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27 23:30]
.
2012-09-29 c:\windows\Tasks\HPCeeScheduleForib.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.100 192.168.1.100
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - d82da84000000000000070f3955e3b80
FF - user.js: extensions.BabylonToolbar_i.hardId - d82da84000000000000070f3955e3b80
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15446
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:57
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.dealply.partner', 'iron');
user_pref('extensions.dealply.channel', 'iron3');
user_pref('extensions.dealply.installId', 'v23600289160359708527922012041608584121');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '1');
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\DPFPApi.DLL
.
- - - - - - - > 'Explorer.exe'(6100)
c:\users\ib\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
.
**************************************************************************
.
Completion time: 2012-10-08 22:23:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-08 18:22
ComboFix2.txt 2012-10-08 14:28
.
Pre-Run: 205,734,563,840 bytes free
Post-Run: 205,253,763,072 bytes free
.
- - End Of File - - C914A6E5A62CFF4D5E32B0A27B24E70E
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 795
8 Oct 2012 at 22:28
You did very well :) we dislodged a rootkit.

Some of the safe mode keys are atrophied. I'm surprised you were able to reach it. Or else ComboFix is mistaken ^^

Warning!!!: this tool may be wrongly detected as a virus
Warning!!!: this tool is powerful, follow the instructions below scrupulously

All "non-vital Windows" processes will be stopped, so save your work.

Disable all your protections if possible: antivirus, sandbox, firewalls, etc.

Download Pre_Scan and save it to your desktop:

https://forums-fec.be/gen-hackman/Pre_Scan.exe

Mirrors:

http://general-changelog-team.fr/fr/downloads/viewdownload/41-outils-de-gen-hackman/52-pre-scan
http://www.archive-host.com

Warning: the desktop will disappear during the scan --> don't panic.

Once it is downloaded, run it and let the scan run until "Pre_scan_<date_and_time>.txt" appears on the desktop.

If the tool is run several times, it will offer you a menu; if no option has been requested, run the "Kill" option.

If the tool is blocked by the infection, use this version with the .pif extension:

https://forums-fec.be/gen-hackman/Pre_Scan.pif

If the tool detects a proxy and you have not installed one, click "supprimer le proxy" (remove the proxy).

A multitude of black windows may flash; let it work.

Post the Pre_Scan_<date_and_time>.txt that will appear on the desktop at the end of the scan.

The tool may restart your PC several times; let it.

DO NOT POST IT ON THE FORUM!!! (it is too long)

Host the report on FEC Upload, then give the link you get in return.

If possible, confirm or deny that Pre_Scan used Defogger.
0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
9 Oct 2012 at 11:44
Hi,
Here is the link:
https://forums-fec.be/upload/www/?a=d&i=1156123319
Pre_Scan restarted the PC only once and I did not see Defogger (I wasn't watching the whole time).

Thanks
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 795
Edited by juju666 on 9/10/2012 at 11:51
@: Note to those who use Pre_script switches:
only use the switches offered on the corresponding page:
https://gen-hackman.kanak.fr/

==========================

Select all the bold text below, without the lines above and below it, then (right-click/copy or Ctrl+C):
___________________________________________________
Kill::

Backup::
C:\Users\ib\AppData\Local\FLVService

Reboot::

___________________________________________________

Run Pre_scan again, then choose the "Script" option.

A page will open.

Normally the text you selected is already there, so you close it and the program will get to work.

Otherwise paste it (right-click/paste or Ctrl+V) into the blank page.

Then File tab => Save (not Save as...), then close the text.

Black windows may flash; that's normal, it's the program working.

Post the Pre_Script.txt that will appear on the desktop when the work is finished.

.::. Security Contributor .::.
0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
9 Oct 2012 at 12:04
Here it is:

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script | 2.1009 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

ib : Windows 7 Professional (32 bits)

Switchs : https://gen-hackman.kanak.fr/

Script : 14:00:31

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


¤


Fin : 14:00:32

¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 795
9 Oct 2012 at 12:11
you didn't copy anything
0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
9 Oct 2012 at 12:17
What do you mean I didn't copy anything? I posted the Pre_script that appeared when the work finished.
For info, the PC restarted once.
0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
9 Oct 2012 at 12:25
Actually, I copy the text, open pre_scan and script, and the text is already there.
I close it and the program starts, but the PC reboots right away, and afterwards there is the script that I posted.
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 795
9 Oct 2012 at 12:38
did you do File -> Save before closing Notepad?
0
Anonymous user
9 Oct 2012 at 14:18
hi, do you see this folder?

C:\Pre_Scan\Quarantine\C'_Users_ib_AppData_Local_FLVService.P_S

?
0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
9 Oct 2012 at 15:02
No,

I have lots of C:\Pre_Scan\Quarantine\C'_Users_ib_AppData_Local_FLVService but none ending in .P_S
0
Anonymous user
9 Oct 2012 at 17:04
what do you mean you have lots???
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 795
9 Oct 2012 at 17:06
oh, you have to list them all? couldn't I just put the folder? ^^
0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
Edited by innovator22 on 9/10/2012 at 17:29
Maybe I expressed myself badly. What I mean is that I have about 78 addresses in the quarantine,
for example:

C:\Pre_Scan\Quarantine\C'_Users_ib_AppData_Local_FLVService_Yahoo! France(2).bin.P_S

C:\Pre_Scan\Quarantine\C'_Users_ib_AppData_Local_FLVService_Zapping - CANALPLUS.FR#pid1830-c-zapping.html_&_suid=134703388097904486438777992079#pid1830-c-z.bin

C:\Pre_Scan\Quarantine\C'_Users_ib_AppData_Local_FLVService_Tuerie en Haute-Savoie _ qui est la famille al-Hilli _ - Le Nouvel Observateur.bin

They are not in the form of folders, unlike
C'_Users_ib_AppData_Roaming_InstallShield.P_S for example.
So no "folder":
C:\Pre_Scan\Quarantine\C'_Users_ib_AppData_Local_FLVService.P_S

Is that clearer?
0
Anonymous user
9 Oct 2012 at 18:14
oh, you have to list them all? couldn't I just put the folder? ^^

mouhahhahaha well no, it will only "back up" what has the .P_S extension, in this case the files that were deleted and not the folder; the folder must still be there with stuff in it, I think (I whitelisted the folder :)

I just posted, it should arrive any moment now, the bot ate it ^^
0
Anonymous user
9 Oct 2012 at 18:11
lol good old Julien ^^

(well, it's my fault, I should have read the report too .... ^^ )

paste this into the pre_scan script:

Backup::
C:\Users\ib\AppData\Local\FLVService\#pid1830-c-zapping.html_&_suid=134703388097904486438777992079.bin
C:\Users\ib\AppData\Local\FLVService\#pid1830-c-zapping.html_vid=733861&_suid=1348251196301007150852750684705.bin
C:\Users\ib\AppData\Local\FLVService\#pid3349-c-le-grand-journal.html_&_suid=1346954408418017265821944313692(2).bin
C:\Users\ib\AppData\Local\FLVService\#pid3349-c-le-grand-journal.html_&_suid=1346954408418017265821944313692.bin
C:\Users\ib\AppData\Local\FLVService\#pid4278-c-la-vie-autrement.html_sc_cmpid=FBCom&fb_comment_id=fbc_10150582155539503_22903805_10.bin
C:\Users\ib\AppData\Local\FLVService\(15 non lus) - elkhialys - Yahoo! Mail.bin
C:\Users\ib\AppData\Local\FLVService\Accueil - CANALPLUS.FR(4).bin
C:\Users\ib\AppData\Local\FLVService\Bernard Tapie _ « Il faut se calmer avec le PSG. Ce n'est pas encore le Real Madrid! » - lePari(2).bin
C:\Users\ib\AppData\Local\FLVService\Bernard Tapie _ « Il faut se calmer avec le PSG. Ce n'est pas encore le Real Madrid! » - lePari(3).bin
C:\Users\ib\AppData\Local\FLVService\Bernard Tapie _ « Il faut se calmer avec le PSG. Ce n'est pas encore le Real Madrid! » - lePari.bin
C:\Users\ib\AppData\Local\FLVService\Best Goals FIFA Futsal World Cup 2008 - YouTube(2).bin
C:\Users\ib\AppData\Local\FLVService\Best Goals FIFA Futsal World Cup 2008 - YouTube(3).bin
C:\Users\ib\AppData\Local\FLVService\Best Goals FIFA Futsal World Cup 2008 - YouTube(4).bin
C:\Users\ib\AppData\Local\FLVService\Best Goals FIFA Futsal World Cup 2008 - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\Chuck Norris promet _1000 ans de ténèbres_ en cas de réélection d'Obama [VIDEO] - News films St.bin
C:\Users\ib\AppData\Local\FLVService\EN DIRECT. Caricatures _ la police se déploie autour de la Mosquée de Paris.bin
C:\Users\ib\AppData\Local\FLVService\Extrait Métastases - Le docteur M'Foudi - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\Facebook(3).bin
C:\Users\ib\AppData\Local\FLVService\Facebook(4).bin
C:\Users\ib\AppData\Local\FLVService\Ferrari 458 Italia SOUND - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\Foot - Bleus - Diaby vers un forfait.bin
C:\Users\ib\AppData\Local\FLVService\Football _ Actu foot - foot en direct - resultat foot - mercato - L'Equipefr(2).bin
C:\Users\ib\AppData\Local\FLVService\Gallery_ Top 20 fastest selling car models.bin
C:\Users\ib\AppData\Local\FLVService\Goldman Sachs partie 1 2012 09 04 - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\Google Actualités.bin
C:\Users\ib\AppData\Local\FLVService\GulfTalent.com.bin
C:\Users\ib\AppData\Local\FLVService\Hotmail - selkhialy@hotmail.fr(2).bin
C:\Users\ib\AppData\Local\FLVService\Hotmail - selkhialy@hotmail.fr.bin
C:\Users\ib\AppData\Local\FLVService\JEAN CHAREST se fait chanter Na Na Hey Hey Goodbye - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\Killer Whale Attacks Unsuspecting Girl - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\L'inoubliable _mix_ de Forest Gump - Maurice Skyrock - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\La Rafle - Bande-annonce - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\Le 20h avant l'heure _ Tuerie en Haute-Savoie, la scène du crime reconstituée - Economie - TF1 .bin
C:\Users\ib\AppData\Local\FLVService\Le Grand Journal - CANALPLUS.FR#pid3349-c-le-grand-journal.html_&_suid=134684552508609901240905.bin
C:\Users\ib\AppData\Local\FLVService\Le Grand Journal - CANALPLUS.FR.bin
C:\Users\ib\AppData\Local\FLVService\Les Français appelés à la vigilance dans une vingtaine de pays - 20minutes.fr.bin
C:\Users\ib\AppData\Local\FLVService\Maurice chez Fogiel - Télé Dimanche - Canal plus - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\Maurice Skyrock 22 Heures reçoit Thierry Ardisson - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\Maurice Skyrock 22h_ Je vais t'enculer...!!! - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\Maurice Skyrock dans _Envoyé Spécial_ 1995 - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\Nature Shock_ When Killer Whales Attack - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\Nouvelle Volkswagen Golf 7 _ en vidéo officielle - News Automoto 2012 - MYTF1(2).bin
C:\Users\ib\AppData\Local\FLVService\Nouvelle Volkswagen Golf 7 _ en vidéo officielle - News Automoto 2012 - MYTF1(3).bin
C:\Users\ib\AppData\Local\FLVService\Nouvelle Volkswagen Golf 7 _ en vidéo officielle - News Automoto 2012 - MYTF1(4).bin
C:\Users\ib\AppData\Local\FLVService\Nouvelle Volkswagen Golf 7 _ en vidéo officielle - News Automoto 2012 - MYTF1.bin
C:\Users\ib\AppData\Local\FLVService\PIGLOO - Papa pingouin - Le bébé manchot - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\PSG _ Armand « On peut parler à Zlatan. Ce n'est pas un monstre » _ Transfert et actualité Foot.bin
C:\Users\ib\AppData\Local\FLVService\Ricardinho - Nagoya Oceans - YouTube(2).bin
C:\Users\ib\AppData\Local\FLVService\Ricardinho - Nagoya Oceans - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\SeaWorld releases video of 2006 killer whale attack - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\Sport _ toute l'actualité sportive sur l'EQUIPE (Match en direct, Football, Rugby, Tennis, Nba,.bin
C:\Users\ib\AppData\Local\FLVService\Step Up (Final Dance Scene) - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\Steppin Final - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\Steppin_ The Movie full movie part 1 - YouTube(2).bin
C:\Users\ib\AppData\Local\FLVService\Steppin_ The Movie full movie part 1 - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\Street Dance (The Film) - Final (Surge) - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\Street Dance - Candy Scene - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\The Famous Costa Rica Crocodile Pocho died 11 october 2011 in Siquirres - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\The Future in Dubai_ Sheik Mohammed's Vision - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\The Kingdom Tower & Tallest Skyscrapers Of The World - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\Tuerie de Chevaline _ le père identifié - Europe1.fr - Faits divers.bin
C:\Users\ib\AppData\Local\FLVService\Tuerie en Haute-Savoie _ qui est la famille al-Hilli _ - Le Nouvel Observateur.bin
C:\Users\ib\AppData\Local\FLVService\UAE Vision 2021 - TVC - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\Vertex Productions - Portfolio - Dubailand.bin
C:\Users\ib\AppData\Local\FLVService\Vidéos - club de football LOGICA TOULOUSE FOOTBALL CLUB - Footeo(2).bin
C:\Users\ib\AppData\Local\FLVService\Vidéos - club de football LOGICA TOULOUSE FOOTBALL CLUB - Footeo.bin
C:\Users\ib\AppData\Local\FLVService\View from Atmosphere Lounge on the 123th Floor of Burj Khalifa - Dubai, UAE - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\Walter Zenga appeals Dh2,000 fine for calling reporter's question 'stupid' - The National.bin
C:\Users\ib\AppData\Local\FLVService\Yahoo! France(2).bin
C:\Users\ib\AppData\Local\FLVService\Yahoo! France(3).bin
C:\Users\ib\AppData\Local\FLVService\Yahoo! France.bin
C:\Users\ib\AppData\Local\FLVService\Zapping - CANALPLUS.FR#pid1830-c-zapping.html_&_suid=134703388097904486438777992079#pid1830-c-z.bin
C:\Users\ib\AppData\Local\FLVService\Zapping - CANALPLUS.FR#pid1830-c-zapping.html_&_suid=134825117503409752298626293637#pid1830-c-z.bin
C:\Users\ib\AppData\Local\FLVService\_Skyrock_ parle de banlieue part1 - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\_Skyrock_ parle de banlieue part2 - YouTube.bin
C:\Users\ib\AppData\Local\FLVService\___ Pentominium The Defined Height Of Luxury ___.bin
C:\Users\ib\AppData\Local\FLVService\À 73 ans, Raymond, patron du Montmartre, prend sa retraite - Caen - Faits de société - ouest-fr(2).bin
C:\Users\ib\AppData\Local\FLVService\À 73 ans, Raymond, patron du Montmartre, prend sa retraite - Caen - Faits de société - ouest-fr.bin
C:\Users\ib\Desktop\Downloads

0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
Edited by innovator22 on 9/10/2012 at 18:29
OK, it's done, it was very quick, here is the report:

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script | 2.1009 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

ib : Windows 7 Professional (32 bits)

Switchs : https://gen-hackman.kanak.fr/

Script : 20:18:18

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

File restored : C:\Users\ib\AppData\Local\FLVService\#pid1830-c-zapping.html_&_suid=134703388097904486438777992079.bin
File restored : C:\Users\ib\AppData\Local\FLVService\#pid1830-c-zapping.html_vid=733861&_suid=1348251196301007150852750684705.bin
File restored : C:\Users\ib\AppData\Local\FLVService\#pid3349-c-le-grand-journal.html_&_suid=1346954408418017265821944313692(2).bin
File restored : C:\Users\ib\AppData\Local\FLVService\#pid3349-c-le-grand-journal.html_&_suid=1346954408418017265821944313692.bin
File restored : C:\Users\ib\AppData\Local\FLVService\#pid4278-c-la-vie-autrement.html_sc_cmpid=FBCom&fb_comment_id=fbc_10150582155539503_22903805_10.bin
File restored : C:\Users\ib\AppData\Local\FLVService\(15 non lus) - elkhialys - Yahoo! Mail.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Accueil - CANALPLUS.FR(4).bin
File restored : C:\Users\ib\AppData\Local\FLVService\Best Goals FIFA Futsal World Cup 2008 - YouTube(2).bin
File restored : C:\Users\ib\AppData\Local\FLVService\Best Goals FIFA Futsal World Cup 2008 - YouTube(3).bin
File restored : C:\Users\ib\AppData\Local\FLVService\Best Goals FIFA Futsal World Cup 2008 - YouTube(4).bin
File restored : C:\Users\ib\AppData\Local\FLVService\Best Goals FIFA Futsal World Cup 2008 - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\EN DIRECT. Caricatures _ la police se déploie autour de la Mosquée de Paris.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Extrait Métastases - Le docteur M'Foudi - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Facebook(3).bin
File restored : C:\Users\ib\AppData\Local\FLVService\Facebook(4).bin
File restored : C:\Users\ib\AppData\Local\FLVService\Ferrari 458 Italia SOUND - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Foot - Bleus - Diaby vers un forfait.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Football _ Actu foot - foot en direct - resultat foot - mercato - L'Equipefr(2).bin
File restored : C:\Users\ib\AppData\Local\FLVService\Gallery_ Top 20 fastest selling car models.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Goldman Sachs partie 1 2012 09 04 - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Google Actualités.bin
File restored : C:\Users\ib\AppData\Local\FLVService\GulfTalent.com.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Hotmail - selkhialy@hotmail.fr(2).bin
File restored : C:\Users\ib\AppData\Local\FLVService\Hotmail - selkhialy@hotmail.fr.bin
File restored : C:\Users\ib\AppData\Local\FLVService\JEAN CHAREST se fait chanter Na Na Hey Hey Goodbye - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Killer Whale Attacks Unsuspecting Girl - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\L'inoubliable _mix_ de Forest Gump - Maurice Skyrock - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\La Rafle - Bande-annonce - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Le 20h avant l'heure _ Tuerie en Haute-Savoie, la scène du crime reconstituée - Economie - TF1 .bin
File restored : C:\Users\ib\AppData\Local\FLVService\Le Grand Journal - CANALPLUS.FR#pid3349-c-le-grand-journal.html_&_suid=134684552508609901240905.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Le Grand Journal - CANALPLUS.FR.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Les Français appelés à la vigilance dans une vingtaine de pays - 20minutes.fr.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Maurice chez Fogiel - Télé Dimanche - Canal plus - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Maurice Skyrock 22 Heures reçoit Thierry Ardisson - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Maurice Skyrock 22h_ Je vais t'enculer...!!! - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Maurice Skyrock dans _Envoyé Spécial_ 1995 - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Nature Shock_ When Killer Whales Attack - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Nouvelle Volkswagen Golf 7 _ en vidéo officielle - News Automoto 2012 - MYTF1(2).bin
File restored : C:\Users\ib\AppData\Local\FLVService\Nouvelle Volkswagen Golf 7 _ en vidéo officielle - News Automoto 2012 - MYTF1(3).bin
File restored : C:\Users\ib\AppData\Local\FLVService\Nouvelle Volkswagen Golf 7 _ en vidéo officielle - News Automoto 2012 - MYTF1(4).bin
File restored : C:\Users\ib\AppData\Local\FLVService\Nouvelle Volkswagen Golf 7 _ en vidéo officielle - News Automoto 2012 - MYTF1.bin
File restored : C:\Users\ib\AppData\Local\FLVService\PIGLOO - Papa pingouin - Le bébé manchot - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Ricardinho - Nagoya Oceans - YouTube(2).bin
File restored : C:\Users\ib\AppData\Local\FLVService\Ricardinho - Nagoya Oceans - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\SeaWorld releases video of 2006 killer whale attack - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Sport _ toute l'actualité sportive sur l'EQUIPE (Match en direct, Football, Rugby, Tennis, Nba,.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Step Up (Final Dance Scene) - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Steppin Final - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Steppin_ The Movie full movie part 1 - YouTube(2).bin
File restored : C:\Users\ib\AppData\Local\FLVService\Steppin_ The Movie full movie part 1 - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Street Dance (The Film) - Final (Surge) - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Street Dance - Candy Scene - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\The Famous Costa Rica Crocodile Pocho died 11 october 2011 in Siquirres - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\The Future in Dubai_ Sheik Mohammed's Vision - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\The Kingdom Tower & Tallest Skyscrapers Of The World - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Tuerie de Chevaline _ le père identifié - Europe1.fr - Faits divers.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Tuerie en Haute-Savoie _ qui est la famille al-Hilli _ - Le Nouvel Observateur.bin
File restored : C:\Users\ib\AppData\Local\FLVService\UAE Vision 2021 - TVC - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Vertex Productions - Portfolio - Dubailand.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Vidéos - club de football LOGICA TOULOUSE FOOTBALL CLUB - Footeo(2).bin
File restored : C:\Users\ib\AppData\Local\FLVService\Vidéos - club de football LOGICA TOULOUSE FOOTBALL CLUB - Footeo.bin
File restored : C:\Users\ib\AppData\Local\FLVService\View from Atmosphere Lounge on the 123th Floor of Burj Khalifa - Dubai, UAE - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Walter Zenga appeals Dh2,000 fine for calling reporter's question 'stupid' - The National.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Yahoo! France(2).bin
File restored : C:\Users\ib\AppData\Local\FLVService\Yahoo! France(3).bin
File restored : C:\Users\ib\AppData\Local\FLVService\Yahoo! France.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Zapping - CANALPLUS.FR#pid1830-c-zapping.html_&_suid=134703388097904486438777992079#pid1830-c-z.bin
File restored : C:\Users\ib\AppData\Local\FLVService\Zapping - CANALPLUS.FR#pid1830-c-zapping.html_&_suid=134825117503409752298626293637#pid1830-c-z.bin
File restored : C:\Users\ib\AppData\Local\FLVService\_Skyrock_ parle de banlieue part1 - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\_Skyrock_ parle de banlieue part2 - YouTube.bin
File restored : C:\Users\ib\AppData\Local\FLVService\___ Pentominium The Defined Height Of Luxury ___.bin

¤
0
Anonymous user
9 Oct 2012 at 18:32
well, everything has been put back in place except the last three...

paste this into the script:

command::
move /y "C:\Pre_Scan\Quarantine\C'_Users_ib_Desktop_Downloads.P_S" "C:\Users\ib\Desktop\Downloads"
If Exist "C:\Users\ib\Desktop\Downloads" then ( echo restoré >> %Homedrive%\Pre_script.txt ) else ( echo ...raté >> %Homedrive%\Pre_script.txt )

0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
9 Oct 2012 at 20:35
OK, it's done:

Here is the report:

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script | 2.1009 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

ib : Windows 7 Professional (32 bits)

Switchs : https://gen-hackman.kanak.fr/

Script : 22:33:42

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

File Batch executé

¤


Fin : 22:33:43

¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
0
Anonymous user
9 Oct 2012 at 21:14
did you get your "Downloads" folder back on the desktop?
0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
9 Oct 2012 at 21:28
No
0
Anonymous user
9 Oct 2012 at 21:32
did you select the text all at once or line by line?
0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
9 Oct 2012 at 21:36
All at once, why?
0
Anonymous user
9 Oct 2012 at 21:37
ok, well, retrieve it, it's in pre_scan's quarantine if you care about it
0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
9 Oct 2012 at 21:44
OK, it's done, thanks.
What do I do now?
0
Anonymous user
9 Oct 2012 at 22:02
do another removal with adwcleaner and see
0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
9 Oct 2012 at 22:11
OK, here is the report:

# AdwCleaner v2.004 - Logfile created 10/10/2012 at 00:07:07
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : ib - HP-4420S-IB
# Boot Mode : Normal
# Running from : C:\Users\ib\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\ConduitCommon
Folder Deleted : C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\CT1060933
Folder Deleted : C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Deleted : C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
Folder Deleted : C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Folder Deleted : C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\extensions\crossriderapp2258@crossrider.com
Folder Deleted : C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\Searchqutoolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Headlight

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\prefs.js

C:\Users\ib\AppData\Roaming\Mozilla\Firefox\Profiles\1ozel6ef.default\user.js ... Deleted !

Deleted : user_pref("CT1060933..clientLogIsEnabled", true);
Deleted : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
Deleted : user_pref("CT1060933.CTID", "CT1060933");
Deleted : user_pref("CT1060933.CurrentServerDate", "11-5-2012");
Deleted : user_pref("CT1060933.DSChangedManually", false);
Deleted : user_pref("CT1060933.DSInstall", true);
Deleted : user_pref("CT1060933.DSProtectChoice", true);
Deleted : user_pref("CT1060933.DSProtectCount", 1);
Deleted : user_pref("CT1060933.DialogsAlignMode", "LTR");
Deleted : user_pref("CT1060933.DialogsGetterLastCheckTime", "Fri May 11 2012 13:57:19 GMT+0400 (Arabian Standa[...]
Deleted : user_pref("CT1060933.DownloadReferralCookieData", "");
Deleted : user_pref("CT1060933.FirstServerDate", "18-1-2012");
Deleted : user_pref("CT1060933.FirstTime", true);

-\\ Google Chrome v [Unable to get version]

File : C:\Users\ib\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17404 octets] - [08/10/2012 02:57:18]
AdwCleaner[S2].txt - [17296 octets] - [08/10/2012 03:00:28]
AdwCleaner[S3].txt - [27562 octets] - [10/10/2012 00:07:07]

########## EOF - C:\AdwCleaner[S3].txt - [27623 octets] ##########
0
Anonymous user
9 Oct. 2012 at 22:14
looooooool but what are you doing with your PC??????
0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
Edited by innovator22 on 9/10/2012 at 22:27
Lol, why?? I mostly go on the internet: sports sites, YouTube. Also streaming films (no downloading) where there are a huge number of ads; maybe that's how I got infected.
I'm using the internet a little at the moment; should I avoid it completely until the procedure is finished?
0
Anonymous user
9 Oct. 2012 at 22:51
Streaming is the best way to get infected, so no streaming during the procedure.
0
innovator22 Posts 37 Registration date Sunday 7 October 2012 Status Member Last activity 11 August 2013
9 Oct. 2012 at 23:09
No problem, I'll remember that. What's the next step?
Thanks
0