Trojan.Win32.Generic!BT to remove. Help!
Chocomouss
Hello,
For some time now, after quite a few scans, I keep finding Trojan Generic BT. I did some research, notably in certain posts on this site, but each time, detailed PC reports are requested. The problem is that I understand nothing about these reports, so I have absolutely no idea how to remove it. And needless to say, even after deleting the Trojan with my antivirus, it comes back :p
If someone could help me....
PS: Are the risks high? Could my PC become inaccessible or something like that?
PS2: I'm on Seven
94 replies
1. ========================= SEAF 1.0.1.0 - C_XX
2.
3. Commencé à: 00:23:14 le 27/12/2012
4.
5. Valeur(s) recherchée(s):
6. Ad-Aware
7.
8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
9.
10. (!) --- Recherche registre
11.
12. ====== Fichier(s) ======
13.
14.
15. "C:\Pre_Scan\Quarantine\C'_ProgramData_Ad-Aware Browsing Protection_adawarebp.dll.P_S" [ NOT_CONTENT_INDEXED|ARCHIVE | 319 Ko ]
16. TC: 16/11/2012,10:08:54 | TM: 16/11/2012,10:08:54 | DA: 27/12/2012,19:07:55
17.
18.
19. =========================
20.
21.
22. "C:\Pre_Scan\Quarantine\C'_ProgramData_Ad-Aware Browsing Protection_adawarebp.exe.P_S" [ NOT_CONTENT_INDEXED|ARCHIVE | 542 Ko ]
23. TC: 16/11/2012,10:09:00 | TM: 16/11/2012,10:09:00 | DA: 27/12/2012,19:07:55
24.
25.
26. =========================
27.
28.
29. "C:\Pre_Scan\Quarantine\C'_ProgramData_Ad-Aware Browsing Protection_guid.dat.P_S" [ NOT_CONTENT_INDEXED|ARCHIVE | 32 o ]
30. TC: 27/12/2012,19:07:54 | TM: 27/12/2012,19:07:54 | DA: 27/12/2012,19:07:54
31.
32.
33. =========================
34.
35.
36. "C:\Pre_Scan\Quarantine\C'_ProgramData_Ad-Aware Browsing Protection_uninstall.exe.P_S" [ NOT_CONTENT_INDEXED|ARCHIVE | 445 Ko ]
37. TC: 16/11/2012,10:09:18 | TM: 16/11/2012,10:09:18 | DA: 27/12/2012,19:07:56
38.
39.
40. =========================
41.
42.
43. "C:\Pre_Scan\Quarantine\C'_Users_Public_Desktop_Ad-Aware Antivirus.lnk .P_S" [ ARCHIVE | 2 Ko ]
44. TC: 27/12/2012,19:11:06 | TM: 26/12/2012,20:58:30 | DA: 26/12/2012,20:58:30
45.
46.
47. =========================
48.
49.
50. "C:\Pre_Scan\Quarantine\C'_Users_Thibault_AppData_Roaming_Ad-Aware Antivirus_window-placement.dat.P_S" [ NOT_CONTENT_INDEXED|ARCHIVE | 63 o ]
51. TC: 21/12/2012,19:54:30 | TM: 26/12/2012,16:05:49 | DA: 26/12/2012,16:05:49
52.
53.
54. =========================
55.
56.
57. "C:\Pre_Scan\Quarantine\C'_Windows_System32_Tasks_Ad-Aware Antivirus Scheduled Scan .P_S" [ ARCHIVE | 4 Ko ]
58. TC: 27/12/2012,19:25:57 | TM: 27/12/2012,19:25:57 | DA: 27/12/2012,19:25:57
59.
60.
61. =========================
62.
63.
64. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus\Ad-Aware Antivirus.lnk" [ ARCHIVE | 3 Ko ]
65. TC: 27/12/2012,19:11:05 | TM: 26/12/2012,20:58:30 | DA: 26/12/2012,20:58:30
66.
67.
68. =========================
69.
70.
71. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus\Uninstall Ad-Aware Antivirus.lnk" [ ARCHIVE | 2 Ko ]
72. TC: 27/12/2012,19:11:06 | TM: 26/12/2012,20:58:30 | DA: 26/12/2012,20:58:30
73.
74.
75. =========================
76.
77.
78. "C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus\Ad-Aware Antivirus.lnk" [ ARCHIVE | 3 Ko ]
79. TC: 27/12/2012,19:11:05 | TM: 26/12/2012,20:58:30 | DA: 26/12/2012,20:58:30
80.
81.
82. =========================
83.
84.
85. "C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus\Uninstall Ad-Aware Antivirus.lnk" [ ARCHIVE | 2 Ko ]
86. TC: 27/12/2012,19:11:06 | TM: 26/12/2012,20:58:30 | DA: 26/12/2012,20:58:30
87.
88.
89. =========================
90.
91.
92. "C:\Users\Thibault\AppData\Local\Downloaded Installations\{AA97CA09-E937-41A4-9FB4-9916245B7363}\Ad-Aware Antivirus.msi" [ NOT_CONTENT_INDEXED|ARCHIVE | 20206 Ko ]
93. TC: 27/12/2012,19:08:36 | TM: 27/12/2012,19:08:35 | DA: 27/12/2012,19:08:36
94.
95.
96. =========================
97.
98.
99.
100. ====== Entrée(s) du registre ======
101.
102.
103. [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
104. "C:\Program Files (x86)\Ad-Aware Antivirus\cart\amd64\sbbd.exe"="1" (REG_DWORD)
105.
106. [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
107. "C:\Program Files (x86)\Ad-Aware Antivirus\cart\CartSdk.dll"="1" (REG_DWORD)
108.
109. [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
110. "C:\Program Files (x86)\Ad-Aware Antivirus\cart\CartSdk64.exe"="1" (REG_DWORD)
111.
112. [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
113. "C:\Program Files (x86)\Ad-Aware Antivirus\cart\i386\sbbd.exe"="1" (REG_DWORD)
114.
115. [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
116. "C:\Program Files (x86)\Ad-Aware Antivirus\cart\sbrc.exe"="1" (REG_DWORD)
117.
118. [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
119. "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareStatistics.dll"="1" (REG_DWORD)
120.
121. [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
122. "C:\Program Files (x86)\Ad-Aware Antivirus\SBAMTray.exe"="1" (REG_DWORD)
123.
124. [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
125. "C:\Program Files (x86)\Ad-Aware Antivirus\SBAMWsc.exe"="1" (REG_DWORD)
126.
127. [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
128. "C:\Program Files (x86)\Ad-Aware Antivirus\SBSetupDrivers.exe"="1" (REG_DWORD)
129.
130. [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
131. "C:\Program Files (x86)\Ad-Aware Antivirus\Statistics.dll"="1" (REG_DWORD)
132.
133. [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{557a5d20-772d-41e6-ab4d-143b11c0b023}]
134. "InstallLocation"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_SZ)
135.
136. [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{557a5d20-772d-41e6-ab4d-143b11c0b023}]
137. "DisplayName"="Ad-Aware Antivirus" (REG_SZ)
138.
139. [HKLM\Software\SBAMSvc]
140. "INSTALLDIR"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_SZ)
141.
142. [HKLM\Software\SBAMSvc]
143. "Product"="Ad-Aware" (REG_SZ)
144.
145. [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
146. "C:\Program Files (x86)\Ad-Aware Antivirus\cart\amd64\sbbd.exe"="1" (REG_DWORD)
147.
148. [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
149. "C:\Program Files (x86)\Ad-Aware Antivirus\cart\CartSdk.dll"="1" (REG_DWORD)
150.
151. [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
152. "C:\Program Files (x86)\Ad-Aware Antivirus\cart\CartSdk64.exe"="1" (REG_DWORD)
153.
154. [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
155. "C:\Program Files (x86)\Ad-Aware Antivirus\cart\i386\sbbd.exe"="1" (REG_DWORD)
156.
157. [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
158. "C:\Program Files (x86)\Ad-Aware Antivirus\cart\sbrc.exe"="1" (REG_DWORD)
159.
160. [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
161. "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareStatistics.dll"="1" (REG_DWORD)
162.
163. [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
164. "C:\Program Files (x86)\Ad-Aware Antivirus\SBAMTray.exe"="1" (REG_DWORD)
165.
166. [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
167. "C:\Program Files (x86)\Ad-Aware Antivirus\SBAMWsc.exe"="1" (REG_DWORD)
168.
169. [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
170. "C:\Program Files (x86)\Ad-Aware Antivirus\SBSetupDrivers.exe"="1" (REG_DWORD)
171.
172. [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
173. "C:\Program Files (x86)\Ad-Aware Antivirus\Statistics.dll"="1" (REG_DWORD)
174.
175. [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{557a5d20-772d-41e6-ab4d-143b11c0b023}]
176. "InstallLocation"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_SZ)
177.
178. [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{557a5d20-772d-41e6-ab4d-143b11c0b023}]
179. "DisplayName"="Ad-Aware Antivirus" (REG_SZ)
180.
181. [HKLM\Software\Wow6432Node\SBAMSvc]
182. "INSTALLDIR"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_SZ)
183.
184. [HKLM\Software\Wow6432Node\SBAMSvc]
185. "Product"="Ad-Aware" (REG_SZ)
186.
187. [HKLM\Software\Wow6432Node\Classes\AppID\{7C7C1AC9-F894-423B-AE6C-558286658538}]
188. "LocalService"="Ad-Aware Service" (REG_SZ)
189.
190. [HKLM\Software\Wow6432Node\Classes\CLSID\{5B64240D-5B36-4B9F-A75F-4925B6A53D5B}\InprocServer32]
191. ""="C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareShellExtension.dll" (REG_SZ)
192.
193. [HKLM\Software\Wow6432Node\Classes\CLSID\{C2582700-05E6-4FD2-9EF9-80B13128624C}\InprocServer32]
194. ""="C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvcPS.dll" (REG_SZ)
195.
196. [HKLM\Software\Wow6432Node\Classes\Installer\Products\02d5a755d2776e14bad441b3110c0b32]
197. "ProductName"="Ad-Aware Antivirus" (REG_SZ)
198.
199. [HKLM\Software\Wow6432Node\Classes\Installer\Products\02d5a755d2776e14bad441b3110c0b32\SourceList]
200. "PackageName"="Ad-Aware Antivirus.msi" (REG_SZ)
201.
202. [HKLM\Software\Wow6432Node\Classes\TypeLib\{CD6D67F4-E331-4F02-A773-FBA9F6EBF7F6}\1.0\HELPDIR]
203. ""="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_SZ)
204.
205. [HKLM\Software\Wow6432Node\Classes\Wow6432Node\CLSID\{5B64240D-5B36-4B9F-A75F-4925B6A53D5B}\InprocServer32]
206. ""="C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareShellExtension.dll" (REG_SZ)
207.
208. [HKLM\Software\Wow6432Node\Classes\Wow6432Node\CLSID\{C2582700-05E6-4FD2-9EF9-80B13128624C}\InprocServer32]
209. ""="C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvcPS.dll" (REG_SZ)
210.
211. [HKLM\Software\Wow6432Node\Classes\Wow6432Node\AppID\{7C7C1AC9-F894-423B-AE6C-558286658538}]
212. "LocalService"="Ad-Aware Service" (REG_SZ)
213.
214. [HKLM\Software\Wow6432Node\Classes\Wow6432Node\TypeLib\{CD6D67F4-E331-4F02-A773-FBA9F6EBF7F6}\1.0\HELPDIR]
215. ""="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_SZ)
216.
217. [HKLM\Software\Classes\AppID\{7C7C1AC9-F894-423B-AE6C-558286658538}]
218. "LocalService"="Ad-Aware Service" (REG_SZ)
219.
220. [HKLM\Software\Classes\CLSID\{5B64240D-5B36-4B9F-A75F-4925B6A53D5B}\InprocServer32]
221. ""="C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareShellExtension.dll" (REG_SZ)
222.
223. [HKLM\Software\Classes\CLSID\{C2582700-05E6-4FD2-9EF9-80B13128624C}\InprocServer32]
224. ""="C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvcPS.dll" (REG_SZ)
225.
226. [HKLM\Software\Classes\Installer\Products\02d5a755d2776e14bad441b3110c0b32]
227. "ProductName"="Ad-Aware Antivirus" (REG_SZ)
228.
229. [HKLM\Software\Classes\Installer\Products\02d5a755d2776e14bad441b3110c0b32\SourceList]
230. "PackageName"="Ad-Aware Antivirus.msi" (REG_SZ)
231.
232. [HKLM\Software\Classes\TypeLib\{CD6D67F4-E331-4F02-A773-FBA9F6EBF7F6}\1.0\HELPDIR]
233. ""="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_SZ)
234.
235. [HKLM\Software\Classes\Wow6432Node\CLSID\{5B64240D-5B36-4B9F-A75F-4925B6A53D5B}\InprocServer32]
236. ""="C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareShellExtension.dll" (REG_SZ)
237.
238. [HKLM\Software\Classes\Wow6432Node\CLSID\{C2582700-05E6-4FD2-9EF9-80B13128624C}\InprocServer32]
239. ""="C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvcPS.dll" (REG_SZ)
240.
241. [HKLM\Software\Classes\Wow6432Node\AppID\{7C7C1AC9-F894-423B-AE6C-558286658538}]
242. "LocalService"="Ad-Aware Service" (REG_SZ)
243.
244. [HKLM\Software\Classes\Wow6432Node\TypeLib\{CD6D67F4-E331-4F02-A773-FBA9F6EBF7F6}\1.0\HELPDIR]
245. ""="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_SZ)
246.
247. [HKLM\System\ControlSet001\Control\SafeBoot\Minimal\Ad-Aware Service]
248. DA: 27/12/2012 19:11:16
249.
250. [HKLM\System\ControlSet001\Control\SafeBoot\Network\Ad-Aware Service]
251. DA: 26/12/2012 21:55:55
252.
253. [HKLM\System\ControlSet001\services\Ad-Aware Service]
254. DA: 26/12/2012 23:59:01
255.
256. [HKLM\System\ControlSet001\services\eventlog\Application\SBAMSvc]
257. "EventMessageFile"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_EXPAND_SZ)
258.
259. [HKLM\System\ControlSet001\services\eventlog\Application\SBAMSvc]
260. "CategoryMessageFile"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_EXPAND_SZ)
261.
262. [HKLM\System\ControlSet001\services\SBAMSvc]
263. "ImagePath"=""C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe"" (REG_EXPAND_SZ)
264.
265. [HKLM\System\ControlSet001\services\SBAMSvc]
266. "DisplayName"="Ad-Aware" (REG_SZ)
267.
268. [HKLM\System\ControlSet001\services\SBHIPS\Parameters\Packages\Common]
269. "INSTALLDIR"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_SZ)
270.
271. [HKLM\System\ControlSet002\Control\SafeBoot\Minimal\Ad-Aware Service]
272. DA: 27/12/2012 19:11:16
273.
274. [HKLM\System\ControlSet002\Control\SafeBoot\Network\Ad-Aware Service]
275. DA: 27/12/2012 19:11:16
276.
277. [HKLM\System\ControlSet002\services\Ad-Aware Service]
278. DA: 26/12/2012 23:59:02
279.
280. [HKLM\System\ControlSet002\services\eventlog\Application\SBAMSvc]
281. "EventMessageFile"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_EXPAND_SZ)
282.
283. [HKLM\System\ControlSet002\services\eventlog\Application\SBAMSvc]
284. "CategoryMessageFile"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_EXPAND_SZ)
285.
286. [HKLM\System\ControlSet002\services\SBAMSvc]
287. "ImagePath"=""C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe"" (REG_EXPAND_SZ)
288.
289. [HKLM\System\ControlSet002\services\SBAMSvc]
290. "DisplayName"="Ad-Aware" (REG_SZ)
291.
292. [HKLM\System\ControlSet002\services\SBHIPS\Parameters\Packages\Common]
293. "INSTALLDIR"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_SZ)
294.
295. [HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
296. DA: 27/12/2012 19:11:16
297.
298. [HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service]
299. DA: 26/12/2012 21:55:55
300.
301. [HKLM\System\CurrentControlSet\services\Ad-Aware Service]
302. DA: 26/12/2012 23:59:01
303.
304. [HKLM\System\CurrentControlSet\services\eventlog\Application\SBAMSvc]
305. "EventMessageFile"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_EXPAND_SZ)
306.
307. [HKLM\System\CurrentControlSet\services\eventlog\Application\SBAMSvc]
308. "CategoryMessageFile"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_EXPAND_SZ)
309.
310. [HKLM\System\CurrentControlSet\services\SBAMSvc]
311. "ImagePath"=""C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe"" (REG_EXPAND_SZ)
312.
313. [HKLM\System\CurrentControlSet\services\SBAMSvc]
314. "DisplayName"="Ad-Aware" (REG_SZ)
315.
316. [HKLM\System\CurrentControlSet\services\SBHIPS\Parameters\Packages\Common]
317. "INSTALLDIR"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_SZ)
318.
319. =========================
320.
321. Fin à: 00:29:17 le 27/12/2012
322. 1132455 Éléments analysés
323.
324. =========================
325. E.O.F
Warning!!! Remember to disable your protections again.
Click this link: https://www.cjoint.com/?BLBaVQLTcT3
Select all the text found there with CTRL+A, then CTRL+C or right-click/copy.
Relaunch Pre_scan, then choose the "Script" option.
A page will open.
Normally the text you selected will already be there, so you close it and the program will get to work.
Otherwise, paste it (right-click/paste or CTRL+V) into the blank page,
then File tab => Save (not Save As...), then close the text.
Black windows may flash; that's normal, it's the program working.
Post Pre_Script.txt, which will appear on the desktop when the work is finished.
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script | 2.1226 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Thibault : Windows 7 Home Premium (64 bits)
Switchs : https://gen-hackman.kanak.fr/
New restorepoint created
Script : 00:51:09
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ | Stopped Processes
(816) -- nvvsvc.exe
(1224) -- spoolsv.exe
(1356) -- nvxdsync.exe
(1368) -- nvvsvc.exe
(1548) -- AdAwareService.exe
(1636) -- taskhost.exe
(1804) -- explorer.exe
(1976) -- SeaPort.EXE
(1140) -- ezSharedSvcHost.exe
(1560) -- FABS.exe
(1800) -- HiPatchService.exe
(1572) -- hpsysdrv.exe
(1996) -- SmartMenu.exe
(352) -- DTLite.exe
(2068) -- genupdater.exe
(2096) -- HPClientServices.exe
(2120) -- gentray.exe
(2160) -- Skype.exe
(2216) -- SpotifyWebHelper.exe
(2292) -- HPDrvMntSvc.exe
(2380) -- LSSrvc.exe
(2420) -- LOLRecorder.exe
(2428) -- PictureMover.exe
(2464) -- LMS.exe
(2512) -- pdfsvc.exe
(2596) -- IAStorIcon.exe
(2608) -- hpwuschd2.exe
(2636) -- razerhid.exe
(2644) -- RazerImperatorSysTray.exe
(2684) -- PnkBstrA.exe
(2716) -- jusched.exe
(2800) -- javaw.exe
(2824) -- Live.exe
(2904) -- ONENOTEM.EXE
(2912) -- Smartp1ck.exe
(2924) -- ToolbarUpdater.exe
(2980) -- WLIDSVC.EXE
(3164) -- razertra.exe
(3400) -- WLIDSVCM.EXE
(3676) -- nvtray.exe
(3084) -- SearchIndexer.exe
(4636) -- wmpnetwk.exe
(4940) -- WUDFHost.exe
(4856) -- firefox.exe
(732) -- plugin-container.exe
(4368) -- FlashPlayerPlugin_11_5_502_135.exe
(2624) -- FlashPlayerPlugin_11_5_502_135.exe
(320) -- HPSA_Service.exe
(5412) -- IAStorDataMgrSvc.exe
(5668) -- daemonu.exe
(1748) -- SBAMSvc.exe
(4976) -- UNS.exe
(5980) -- wuauclt.exe
(2880) -- taskeng.exe
(2960) -- splwow64.exe
¤¤¤¤¤¤¤¤¤¤ | Deletion | Drivers | Services
Service : SBAMSvc Not actif
Service : Ad-Aware Service Not actif
Deleted : [HKLM\..\CCS\Services\SBAMSvc]
Deleted : [HKLM\..\CS002\Services\SBAMSvc]
Deleted : [HKLM\..\CCS\Services\Ad-Aware Service]
Deleted : [HKLM\..\CS002\Services\Ad-Aware Service]
¤
¤¤¤¤¤¤¤¤¤¤ | Registry Deletions
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{557a5d20-772d-41e6-ab4d-143b11c0b023}
Key Deleted : HKLM\Software\SBAMSvc
Key Deleted : HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{557a5d20-772d-41e6-ab4d-143b11c0b023}
Key Deleted : HKLM\Software\Wow6432Node\SBAMSvc
Key Deleted : HKLM\Software\Wow6432Node\Classes\AppID\{7C7C1AC9-F894-423B-AE6C-558286658538}
Key Deleted : HKLM\Software\Wow6432Node\Classes\CLSID\{5B64240D-5B36-4B9F-A75F-4925B6A53D5B} HKLM\Software\Wow6432Node\Classes\CLSID\{C2582700-05E6-4FD2-9EF9-80B13128624C}
Key Deleted : HKLM\Software\Wow6432Node\Classes\Installer\Products\02d5a755d2776e14bad441b3110c0b32
Key Deleted : HKLM\Software\Wow6432Node\Classes\TypeLib\{CD6D67F4-E331-4F02-A773-FBA9F6EBF7F6}
Key Deleted : HKLM\Software\Wow6432Node\Classes\Wow6432Node\CLSID\{5B64240D-5B36-4B9F-A75F-4925B6A53D5B}
Key Deleted : HKLM\Software\Wow6432Node\Classes\Wow6432Node\CLSID\{C2582700-05E6-4FD2-9EF9-80B13128624C}
Key Deleted : HKLM\Software\Wow6432Node\Classes\Wow6432Node\AppID\{7C7C1AC9-F894-423B-AE6C-558286658538}
Key Deleted : HKLM\Software\Wow6432Node\Classes\Wow6432Node\TypeLib\{CD6D67F4-E331-4F02-A773-FBA9F6EBF7F6}
Key Deleted : HKLM\Software\Classes\AppID\{7C7C1AC9-F894-423B-AE6C-558286658538}
Key Deleted : HKLM\Software\Classes\CLSID\{5B64240D-5B36-4B9F-A75F-4925B6A53D5B}
Key Deleted : HKLM\Software\Classes\CLSID\{C2582700-05E6-4FD2-9EF9-80B13128624C}
Key Deleted : HKLM\Software\Classes\Installer\Products\02d5a755d2776e14bad441b3110c0b32
Key Deleted : HKLM\Software\Classes\TypeLib\{CD6D67F4-E331-4F02-A773-FBA9F6EBF7F6}
Key Deleted : HKLM\System\ControlSet001\Control\SafeBoot\Minimal\Ad-Aware Service
Key Deleted : HKLM\System\ControlSet001\Control\SafeBoot\Network\Ad-Aware Service
Key Deleted : HKLM\System\ControlSet001\services\Ad-Aware Service
Key Deleted : HKLM\System\ControlSet001\services\eventlog\Application\SBAMSvc
Key Deleted : HKLM\System\ControlSet001\services\SBAMSvc
Key Deleted : HKLM\System\ControlSet002\Control\SafeBoot\Minimal\Ad-Aware Service
Key Deleted : HKLM\System\ControlSet002\Control\SafeBoot\Network\Ad-Aware Service
¤
File Moved to quarantine successfully : |A| - C:\Users\Thibault\AppData\Local\Downloaded Installations\{AA97CA09-E937-41A4-9FB4-9916245B7363}\Ad-Aware Antivirus.msi
¤¤¤¤¤¤¤¤¤¤ | MBR
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Hewlett-Packard
System Product Name: G5320fr
Logical Drives Mask: 0x000000fc
Analysis of file "C:\Pre_Scan\MBR.bin":
Unknown MBR code
¤
explorer.exe -> Process re-started
End : 00:51:12
¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
========================= SEAF 1.0.1.0 - C_XX

Commencé à: 01:07:09 le 27/12/2012

Valeur(s) recherchée(s):
Ad-Aware

Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès

(!) --- Recherche registre

====== Fichier(s) ======

"C:\Pre_Scan\Quarantine\C'_ProgramData_Ad-Aware Browsing Protection_adawarebp.dll.P_S" [ NOT_CONTENT_INDEXED|ARCHIVE | 319 Ko ]
TC: 16/11/2012,10:08:54 | TM: 16/11/2012,10:08:54 | DA: 27/12/2012,19:07:55

=========================

"C:\Pre_Scan\Quarantine\C'_ProgramData_Ad-Aware Browsing Protection_adawarebp.exe.P_S" [ NOT_CONTENT_INDEXED|ARCHIVE | 542 Ko ]
TC: 16/11/2012,10:09:00 | TM: 16/11/2012,10:09:00 | DA: 27/12/2012,19:07:55

=========================

"C:\Pre_Scan\Quarantine\C'_ProgramData_Ad-Aware Browsing Protection_guid.dat.P_S" [ NOT_CONTENT_INDEXED|ARCHIVE | 32 o ]
TC: 27/12/2012,19:07:54 | TM: 27/12/2012,19:07:54 | DA: 27/12/2012,19:07:54

=========================

"C:\Pre_Scan\Quarantine\C'_ProgramData_Ad-Aware Browsing Protection_uninstall.exe.P_S" [ NOT_CONTENT_INDEXED|ARCHIVE | 445 Ko ]
TC: 16/11/2012,10:09:18 | TM: 16/11/2012,10:09:18 | DA: 27/12/2012,19:07:56

=========================

"C:\Pre_Scan\Quarantine\C'_Users_Public_Desktop_Ad-Aware Antivirus.lnk .P_S" [ ARCHIVE | 2 Ko ]
TC: 27/12/2012,19:11:06 | TM: 26/12/2012,20:58:30 | DA: 26/12/2012,20:58:30

=========================

"C:\Pre_Scan\Quarantine\C'_Users_Thibault_AppData_Local_Downloaded Installations_{AA97CA09-E937-41A4-9FB4-9916245B7363}_Ad-Aware Antivirus.msi .P_S" [ NOT_CONTENT_INDEXED|ARCHIVE | 20206 Ko ]
TC: 27/12/2012,19:08:36 | TM: 27/12/2012,19:08:35 | DA: 27/12/2012,19:08:36

=========================

"C:\Pre_Scan\Quarantine\C'_Users_Thibault_AppData_Roaming_Ad-Aware Antivirus_window-placement.dat.P_S" [ NOT_CONTENT_INDEXED|ARCHIVE | 63 o ]
TC: 21/12/2012,19:54:30 | TM: 26/12/2012,16:05:49 | DA: 26/12/2012,16:05:49

=========================

"C:\Pre_Scan\Quarantine\C'_Windows_System32_Tasks_Ad-Aware Antivirus Scheduled Scan .P_S" [ ARCHIVE | 4 Ko ]
TC: 27/12/2012,19:25:57 | TM: 27/12/2012,19:25:57 | DA: 27/12/2012,19:25:57

=========================

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus\Ad-Aware Antivirus.lnk" [ ARCHIVE | 3 Ko ]
TC: 27/12/2012,19:11:05 | TM: 26/12/2012,20:58:30 | DA: 26/12/2012,20:58:30

=========================

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus\Uninstall Ad-Aware Antivirus.lnk" [ ARCHIVE | 2 Ko ]
TC: 27/12/2012,19:11:06 | TM: 26/12/2012,20:58:30 | DA: 26/12/2012,20:58:30

=========================

"C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus\Ad-Aware Antivirus.lnk" [ ARCHIVE | 3 Ko ]
TC: 27/12/2012,19:11:05 | TM: 26/12/2012,20:58:30 | DA: 26/12/2012,20:58:30

=========================

"C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus\Uninstall Ad-Aware Antivirus.lnk" [ ARCHIVE | 2 Ko ]
TC: 27/12/2012,19:11:06 | TM: 26/12/2012,20:58:30 | DA: 26/12/2012,20:58:30

=========================

====== Entrée(s) du registre ======

[HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\Ad-Aware Antivirus\cart\amd64\sbbd.exe"="1" (REG_DWORD)

[HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\Ad-Aware Antivirus\cart\CartSdk.dll"="1" (REG_DWORD)

[HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\Ad-Aware Antivirus\cart\CartSdk64.exe"="1" (REG_DWORD)

[HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\Ad-Aware Antivirus\cart\i386\sbbd.exe"="1" (REG_DWORD)

[HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\Ad-Aware Antivirus\cart\sbrc.exe"="1" (REG_DWORD)

[HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareStatistics.dll"="1" (REG_DWORD)

[HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\Ad-Aware Antivirus\SBAMTray.exe"="1" (REG_DWORD)

[HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\Ad-Aware Antivirus\SBAMWsc.exe"="1" (REG_DWORD)

[HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\Ad-Aware Antivirus\SBSetupDrivers.exe"="1" (REG_DWORD)

[HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\Ad-Aware Antivirus\Statistics.dll"="1" (REG_DWORD)

[HKLM\Software\SBAMSvc]
"INSTALLDIR"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_SZ)

[HKLM\Software\SBAMSvc]
"Product"="Ad-Aware" (REG_SZ)

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\Ad-Aware Antivirus\cart\amd64\sbbd.exe"="1" (REG_DWORD)

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\Ad-Aware Antivirus\cart\CartSdk.dll"="1" (REG_DWORD)

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\Ad-Aware Antivirus\cart\CartSdk64.exe"="1" (REG_DWORD)

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\Ad-Aware Antivirus\cart\i386\sbbd.exe"="1" (REG_DWORD)

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\Ad-Aware Antivirus\cart\sbrc.exe"="1" (REG_DWORD)

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareStatistics.dll"="1" (REG_DWORD)

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\Ad-Aware Antivirus\SBAMTray.exe"="1" (REG_DWORD)

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\Ad-Aware Antivirus\SBAMWsc.exe"="1" (REG_DWORD)

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\Ad-Aware Antivirus\SBSetupDrivers.exe"="1" (REG_DWORD)

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\Ad-Aware Antivirus\Statistics.dll"="1" (REG_DWORD)

[HKLM\Software\Wow6432Node\SBAMSvc]
"INSTALLDIR"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_SZ)

[HKLM\Software\Wow6432Node\SBAMSvc]
"Product"="Ad-Aware" (REG_SZ)

[HKLM\Software\Wow6432Node\Classes\AppID\{7C7C1AC9-F894-423B-AE6C-558286658538}]
"LocalService"="Ad-Aware Service" (REG_SZ)

[HKLM\Software\Wow6432Node\Classes\Wow6432Node\AppID\{7C7C1AC9-F894-423B-AE6C-558286658538}]
"LocalService"="Ad-Aware Service" (REG_SZ)

[HKLM\Software\Classes\AppID\{7C7C1AC9-F894-423B-AE6C-558286658538}]
"LocalService"="Ad-Aware Service" (REG_SZ)

[HKLM\Software\Classes\Wow6432Node\AppID\{7C7C1AC9-F894-423B-AE6C-558286658538}]
"LocalService"="Ad-Aware Service" (REG_SZ)

[HKLM\System\ControlSet001\Control\SafeBoot\Minimal\Ad-Aware Service]
DA: 27/12/2012 00:51:11

[HKLM\System\ControlSet001\Control\SafeBoot\Network\Ad-Aware Service]
DA: 27/12/2012 00:51:11

[HKLM\System\ControlSet001\services\eventlog\Application\SBAMSvc]
"EventMessageFile"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_EXPAND_SZ)

[HKLM\System\ControlSet001\services\eventlog\Application\SBAMSvc]
"CategoryMessageFile"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_EXPAND_SZ)

[HKLM\System\ControlSet001\services\SBHIPS\Parameters\Packages\Common]
"INSTALLDIR"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_SZ)

[HKLM\System\ControlSet002\Control\SafeBoot\Minimal\Ad-Aware Service]
DA: 27/12/2012 00:51:11

[HKLM\System\ControlSet002\Control\SafeBoot\Network\Ad-Aware Service]
DA: 27/12/2012 00:51:11

[HKLM\System\ControlSet002\services\eventlog\Application\SBAMSvc]
"EventMessageFile"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_EXPAND_SZ)

[HKLM\System\ControlSet002\services\eventlog\Application\SBAMSvc]
"CategoryMessageFile"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_EXPAND_SZ)

[HKLM\System\ControlSet002\services\SBHIPS\Parameters\Packages\Common]
"INSTALLDIR"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_SZ)

[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
DA: 27/12/2012 00:51:11

[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service]
DA: 27/12/2012 00:51:11

[HKLM\System\CurrentControlSet\services\eventlog\Application\SBAMSvc]
"EventMessageFile"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_EXPAND_SZ)

[HKLM\System\CurrentControlSet\services\eventlog\Application\SBAMSvc]
"CategoryMessageFile"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_EXPAND_SZ)

[HKLM\System\CurrentControlSet\services\SBHIPS\Parameters\Packages\Common]
"INSTALLDIR"="C:\Program Files (x86)\Ad-Aware Antivirus\" (REG_SZ)

=========================

Fin à: 01:13:05 le 27/12/2012
1132523 Éléments analysés

=========================
E.O.F
Well, Ad-Aware is fine now.
Otherwise, you told me my PC was a trash can, so if there are still programs that seem useless, dangerous and so on to you, tell me. There is also a Trojan, located in something like SyllabiK according to MBAM. I'm posting the location again, the whole report even, here:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Version de la base de données: v2012.12.26.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thibault :: THIBAULT-HP [administrateur]
26/12/2012 17:56:13
mbam-log-2012-12-26 (20-06-22).txt
Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 759700
Temps écoulé: 2 heure(s), 8 minute(s), 56 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 5
C:\Pre_Scan\Quarantine\C'_Users_Thibault_Downloads_audacity_telechargement_01net.exe.P_S (PUP.Toolbar.Repacked) -> Aucune action effectuée.
C:\Pre_Scan\Quarantine\C'_Users_Thibault_Downloads_SoftonicDownloader_pour_photofiltre.exe.P_S (PUP.OfferBundler.ST) -> Aucune action effectuée.
C:\Pre_Scan\Quarantine\C'_Users_Thibault_Downloads_SoftonicDownloader_pour_pkr.exe.P_S (PUP.OfferBundler.ST) -> Aucune action effectuée.
C:\Program Files (x86)\SyllabiK\systeme\dlls\nhtmln\nHTMLn.dll (Trojan.Agent) -> Aucune action effectuée.
C:\Users\Thibault\Downloads\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Aucune action effectuée.
(fin)
It says "no action taken" ("Aucune action effectuée"), I don't know why, I did have MBAM delete them though.
Otherwise I can do it manually, how do I go about it in that case?
Anyway, I deleted all of SyllabiK with Glary Utilities, then uninstalled Glary Utilities with Revo in advanced mode.
I hope that's what I was supposed to do. Otherwise, I still have the Ad-Aware problem: how do I remove it with CCleaner? I analyzed and deleted, but it's still there, in Program Files, and there's always a program using it, so I can't delete it. What should I do?
How to boot into Safe Mode:
Warning!!! NEVER BOOT INTO SAFE MODE USING THE MSCONFIG UTILITY!!!!
▶ Restart your computer
▶ Tap the F8 key immediately (F5 on some PCs), right after the "beep"
▶ You will see a screen with boot options appear
▶ Choose the first option: Safe Mode, and confirm with "Enter"
▶ Choose your usual account,
Fu!
Anyway, I have two questions:
The first: when I turned my PC back on this morning, all my cookies and history had disappeared, even though I did nothing... is that normal? I found it weird, so I wanted to know whether it was the work of CCleaner, or maybe Glary, or even a VIRUS :O *too-scared mode*
Anyway :p
Second thing,
What is MSCONFIG?
Is it running by default on my PC, and do I have to remove it/turn it off before safe mode?
Whether yes or no, where can I find it on my PC, to know if it is active?
Thanks
Argh, new trouble on the front.
I did it in safe mode like you said, the thing is there's yet another folder that is supposedly in use by another program. So I went into my Program Files folder, I even renamed the thing, I deleted everything. But there's one that remains!
It's something called "AdAwareShellExtension64.dll". I deleted everything except that, since I can't, and I've just renamed the "Ad-Aware Antivirus" folder again.
Is there a way to remove this thing?
And why is it in use by another program? Could that program be a virus or not?
nothing to do with that ^^
I was talking about this:
all my cookies and history had disappeared, even though I did nothing... is that normal? I found it weird, so I wanted to know whether it was the work of CCleaner, or maybe Glary,
in this case, to answer that: it's CCleaner, yes
Download here: OTL
▶ Save it to your Desktop.
If you have XP => double-click
If you have Vista or Windows 7 => right-click, "Run as..."
on OTL.exe to launch it.
▶ => Click here to see the Configuration
▶ Copy and paste the content that follows in bold into the lower part of OTL, "Personnalisation"
/md5start
explorer.exe
winlogon.exe
wininit.exe
volsnap.sys
atapi.sys
ndisuio.sys
ndis.sys
cdrom.sys
i8042prt.sys
net.exe
tdx.sys
netbt.sys
afd.sys
net1.exe
Rundll32.exe
/md5stop
netsvcs
safebootminimal
safebootnetwork
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\*.ini
%systemroot%\Tasks\*.*
%systemroot%\system32\Tasks\*.*
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\config\*.exe /s
%systemroot%\system32\*.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
CREATERESTOREPOINT
▶ Click "Analyse" (scan).
At the end of the scan, Notepad will open with the report (OTL.txt).
This file is on your Desktop (usually C:\Documents and settings\your_session_name\<Bureau or Desktop>\OTL.txt)
▶▶▶ DO NOT POST IT ON THE FORUM (it is too long)
Upload OTL.txt and extra.txt to https://www.cjoint.com/ and give the links
A thing for League of Legends that lets you "counter pick" during champion selection. A thing that launches at startup... the thing is that with experience I know them by heart, and over time the info becomes obsolete... I've been wanting to remove it for quite a while but I forget every time :p
WARNING!!! Script customized for this machine only, do not reproduce!!
If you have XP => double-click
If you have Vista or Windows 7 => right-click, "Run as..."
on OTL.exe to launch it.
▶ Copy the list shown in bold below,
▶ paste it into the box under "Personnalisation":
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-627572728-2483309000-2632592548-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-627572728-2483309000-2632592548-1004\..\SearchScopes,DefaultScope =
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
O4 - Startup: C:\Users\Thibault\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
O4 - Startup: C:\Users\Thibault\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smartp1ck.lnk
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.7.2)
O33 - MountPoints2\{4e480267-7a5d-11e0-aeb4-6c626d981474}\Shell - "" = AutoRun
O33 - MountPoints2\{8fe9fd90-7b30-11e0-a49f-6c626d981474}\Shell - "" = AutoRun
SafeBootMin Ad-Aware Service - Ad-Aware Service
SafeBootMin SBAMSvc - Service
SafeBootMin: Ad-Aware Service - Ad-Aware Service
SafeBootMin: SBAMSvc - Service
SafeBootNet Ad-Aware Service - Ad-Aware Service
SafeBootNet SBAMSvc - Service
SafeBootNet: Ad-Aware Service - Ad-Aware Service
SafeBootNet: SBAMSvc - Service
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
:Files
C:\ProgramData\Ad-Aware Antivirus
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
C:\Program Files (x86)\Ad-Aware Antivirus
C:\ProgramData\Ad-Aware Browsing Protection
C:\Program Files (x86)\Toolbar Cleaner
C:\Users\Thibault\AppData\Local\Pando_Temp
C:\Users\Thibault\Desktop\gfibto.zip
:commands
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[reboot]
▶ Click "Correction" to start the removal.
▶ Post the report, which should open by itself at the end of the job, after the restart.
This thing is annoying, why is it so persistent!