virus (TR/Sirefef.AH') Résolu/Fermé

Question

Bonjour, 



je suis sous windows 7 google chrome Version 24.0.1312.57 m et j'utilise avira

Depuis peu, Avira ouvre une fenetre d'alerte plus que régulièrement. 
Il dit que TR/Sirefef.AH' a été détecté.
il bloque aussi les autorun des périphériques externes 

suite a un conseil via un autre sujet j'ai utiliser combo fix 
mais je ne suis pas des plus doué en informatique donc voici le rapport de combo fix 
merci d'avance de m'apporter une aide 

cordialement

ComboFix 13-07-02.01 - hilgurr 02/07/2013  15:41:12.1.4 - x64
Microsoft Windows 7 Édition Familiale Premium   6.1.7601.1.1252.33.1036.18.8104.6072 [GMT 2:00]
Lancé depuis: c:\users\hilgurr\Desktopaph.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\hilgurr\AppData\Roaming\app
c:\users\hilgurr\AppData\Roaming\app\Jerakine_lang.dat
c:\users\hilgurr\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\users\hilgurr\AppData\Roaming\OfferBox
c:\users\hilgurr\AppData\Roaming\OfferBox\config.xml
c:\users\hilgurr\AppData\Roaming\OfferBox\http_app.offerbox.com\country.sxe
c:\users\hilgurr\AppData\Roaming\OfferBox\http_app.offerbox.com\extracountry.sxe
c:\users\hilgurr\AppData\Roaming\OfferBox\http_app.offerbox.com\history.db
c:\users\hilgurr\AppData\Roaming\OfferBox\http_app.offerbox.com\profile.sxe
c:\users\hilgurr\AppData\Roaming\OfferBox\http_app.offerbox.com\sdch\1338196253
c:\users\hilgurr\AppData\Roaming\OfferBox\http_app.offerbox.com\update.sxe
c:\users\hilgurr\AppData\Roaming\OfferBox\http_app.offerbox.com\update.xml
c:\users\hilgurr\errorlog.tmp
c:\users\hilgurr\errorlogmi.tmp
c:\users\hilgurr\M-38593585020495849\winmgr.exe
c:\users\hilgurr\M-5856932030585630204958\winmgr.exe
c:\windows\SysWow64\Oleaut32.1
c:\windows\SysWow64	empdir
c:\windows\SysWow64	empdir	inypdf.chm
c:\windows\SysWow64	empdir	inypdf.dll
c:\windows\SysWow64	empdir	inypdf1.dll
c:\windows\SysWow64	empdir	inypdf2.dll
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2013-06-02 au 2013-07-02  ))))))))))))))))))))))))))))))))))))
.
.
2013-07-02 13:13 . 2013-07-02 13:13	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8999D40E-9132-453A-99F3-42D7E92C43E8}\offreg.dll
2013-07-02 11:10 . 2013-07-02 13:48	--------	d-sh--r-	c:\users\hilgurr\M-5856932030585630204958
2013-07-02 10:37 . 2013-07-02 10:45	--------	d-sh--r-	c:\users\hilgurr\M-5820586829204950
2013-07-01 22:23 . 2013-07-01 22:28	--------	d-sh--r-	c:\users\hilgurr\M-10adeaaea592
2013-06-30 18:42 . 2013-07-02 13:48	--------	d-sh--r-	c:\users\hilgurr\M-38593585020495849
2013-06-30 09:24 . 2013-06-30 09:25	--------	d-----w-	c:\users\hilgurr\AppData\Roaming\Audacity
2013-06-30 09:24 . 2013-06-30 09:24	--------	d-----w-	c:\program files (x86)\Audacity
2013-06-28 21:20 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8999D40E-9132-453A-99F3-42D7E92C43E8}\mpengine.dll
2013-06-28 13:52 . 2013-06-30 06:14	--------	d-----w-	c:\users\hilgurr\AppData\Roaming\driver
2013-06-27 17:43 . 2013-06-02 15:11	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-13 09:08 . 2013-06-13 09:08	--------	d-----w-	c:\users\hilgurr\AppData\Roaming\protected
2013-06-10 19:33 . 2013-06-10 19:33	--------	d-----w-	c:\program files (x86)\Boxore
2013-06-06 12:30 . 2013-06-06 12:41	--------	d-----w-	c:\users\hilgurr\AppData\Local\Roozz
2013-06-06 12:29 . 2013-06-06 12:41	--------	d-----w-	c:\program files (x86)\Roozz
2013-06-05 16:27 . 2013-06-06 12:31	--------	d-----w-	c:\users\hilgurr\AppData\Roaming\NVIDIA
2013-06-05 16:27 . 2013-06-06 20:14	--------	d-----w-	c:\users\hilgurr\AppData\Roaming	rusted
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-02 13:01 . 2012-04-30 15:17	45056	----a-w-	c:\windows\SysWow64\acovcnt.exe
2013-07-01 09:01 . 2013-05-13 22:36	83672	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-06-12 01:04 . 2012-06-16 20:29	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 01:04 . 2012-06-16 20:29	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 16:15 . 2011-03-29 01:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2012-10-04 21:03	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 03:55	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 03:55	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 03:55	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 03:55	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 03:55	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 03:55	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 08:53	1656680	----a-w-	c:\windows\system32\drivers
tfs.sys
2013-04-10 06:01 . 2013-05-15 03:55	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 03:55	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 03:55	3153920	----a-w-	c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-07-31 17:19	194928	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-11-23 968592]
"trusted"="c:\users\hilgurr\AppData\Roaming	rusted\hp.bat" [2013-05-18 204]
"protected"="c:\users\hilgurr\AppData\Roaming\protected\start.bat" [2013-06-06 216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-10-19 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"SonicMasterTray"="c:\program files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Updateealsched.exe" [2012-08-10 296096]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-01 345144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Boxore Client"="c:\program files (x86)\Boxore\BoxoreClient\boxore.exe" [2013-06-11 611616]
.
c:\users\hilgurr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GigaTribe.lnk - c:\program files (x86)\GigaTribe\gigatribe.exe -system:startup [2012-5-13 5122760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-10-19 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64
vinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 supdate;Software Update Service (supdate);c:\program files (x86)\Software\Update\SoftwareUpdate.exe;c:\program files (x86)\Software\Update\SoftwareUpdate.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers	susbflt.sys;c:\windows\SYSNATIVE\drivers	susbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys;c:\windows\SYSNATIVE\Drivers\FSPFltd.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS
vpciflt.sys;c:\windows\SYSNATIVE\DRIVERS
vpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-15 21:19	1607120	----a-w-	c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2013-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 01:04]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-15 21:18]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-15 21:18]
.
2013-07-02 c:\windows\Tasks\SoftwareUpdateTaskMachineCore.job
- c:\program files (x86)\Software\Update\SoftwareUpdate.exe [2012-10-20 21:26]
.
2013-07-02 c:\windows\Tasks\SoftwareUpdateTaskMachineUA.job
- c:\program files (x86)\Software\Update\SoftwareUpdate.exe [2012-10-20 21:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09	227840	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09	227840	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-28 416024]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 2277992]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32
vinitx.dll
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www1.delta-search.com/?affID=120008&tt=gc_&babsrc=HP_ss&mntrId=008E2208CA7112FF
uDefault_Search_URL = hxxp://www.jerecherche.org/keyword/
uSearchMigratedDefaultURL = hxxp://www.jerecherche.org
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.jerecherche.org
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Envoyer à OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: chat-land.org
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\hilgurr\AppData\Roaming\Mozilla\Firefox\Profiles\3j57a463.default\
FF - prefs.js: browser.startup.homepage - 
FF - user.js: extentions.y2layers.installId - 45dd9c1d-e6d0-4c60-bcdf-07ec7e0111c3
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 008edbb00000000000002208ca7112ff
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15841
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1620:55
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - (no file)
BHO-{1631550F-191D-4826-B069-D9439253D926} - c:\program files (x86)\PriceGong\2.6.4\PriceGongIE.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-appinfo - c:\users\hilgurrappinfo.exe\appinfo.exe
Wow6432Node-HKCU-Run-Chat-Landmessenger - c:\users\hilgurr\chat-land\messenger.exe
Wow6432Node-HKCU-Run-Microsoft Windows Manager - c:\users\hilgurr\M-38593585020495849\winmgr.exe
Wow6432Node-HKCU-Run-Microsoft Windows Service - c:\users\hilgurr\M-5856932030585630204958\winmgr.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
HKLM-Run-mylbx - f:\programme disque\My Lockbox\mylbx.exe
AddRemove-PunkBusterSvc - c:\program files (x86)\EA Games\Battlefield Heroes\pbsvc_heroes.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-4059017485-532825059-2775240351-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:77,a6,d1,85,02,74,ab,12,0e,5c,14,12,8b,a8,90,92,02,6f,30,10,ec,da,fb,
   8f,18,6c,81,d6,4e,e8,f2,f9,8a,93,a8,09,34,cb,a2,77,12,47,4a,21,28,8b,7d,f9,\
"??"=hex:3e,45,f6,c6,22,55,d6,39,cd,83,fa,fd,30,91,71,f5
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2013-07-02  15:53:19
ComboFix-quarantined-files.txt  2013-07-02 13:53
.
Avant-CF: 87 388 319 744 octets libres
Après-CF: 87 974 993 920 octets libres
.
- - End Of File - - 1F708CDBBD2889F6808AC7912EBB935F
D41D8CD98F00B204E9800998ECF8427E

Malekal_morte- · Answer

Salut,

[*] Télécharger sur le bureau https://www.luanagames.com/index.fr.html (by tigzy) 
[*] Quitter tous les programmes 
[*] Lancer RogueKiller.exe. 
[*] Attendre que le Prescan ait fini ... 
[*] Lance un scan afin de débloquer le bouton Suppression à droite.
[*] Clic sur Suppression.
Poste le rapport ici.

!!! Je répète bien faire Suppression à droite et poster le rapport. !!!

Hilgurr · Answer

voici le rapport RogueKiller V8.6.2 [Jul 3 2013] par Tigzy mail : tigzyRKgmailcom Remontees : hxxp://www.adlice.com/forum/ Site Web : https://www.luanagames.com/index.fr.html Blog : http://tigzyrk.blogspot.com/ Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Demarrage : Mode normal Utilisateur : hilgurr [Droits d'admin] Mode : Suppression -- Date : 07/03/2013 17:50:11 | ARK || FAK || MBR | ¤¤¤ Processus malicieux : 0 ¤¤¤ ¤¤¤ Entrees de registre : 10 ¤¤¤ [RUN][SUSP PATH] HKCU\[...]\Run : trusted ("C:\Users\hilgurr\AppData\Roaming\trusted\hp.bat" [-]) -> SUPPRIMÉ [RUN][SUSP PATH] HKCU\[...]\Run : protected ("C:\Users\hilgurr\AppData\Roaming\protected\start.bat" [-]) -> SUPPRIMÉ [RUN][SUSP PATH] HKUS\S-1-5-21-4059017485-532825059-2775240351-1001\[...]\Run : trusted ("C:\Users\hilgurr\AppData\Roaming\trusted\hp.bat" [-]) -> [0x2] Le fichier spécifié est introuvable. [RUN][SUSP PATH] HKUS\S-1-5-21-4059017485-532825059-2775240351-1001\[...]\Run : protected ("C:\Users\hilgurr\AppData\Roaming\protected\start.bat" [-]) -> [0x2] Le fichier spécifié est introuvable. [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] Le fichier spécifié est introuvable. [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0) [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0) ¤¤¤ Tâches planifiées : 0 ¤¤¤

Malekal_morte- · Answer

Faire un scan OTL pour diagnostiquer les programmes qui tournent et déceler des infections - Le programme va générer deux rapports OTL.txt et Extras.txt 
Fournir les deux rapports :

Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/    

* Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau.    
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)    

Dans le cas d'Avast!, ne pas lancer le programme dans la Sandbox (voir lien d'aide ci-dessus).

* Lance OTL    
* En haut à droite de Analyse rapide, coche "tous les utilisateurs"
* Sur OTL, sous Personnalisation, copie-colle le script ci-dessous :    



netsvcs   
msconfig   
safebootminimal   
safebootnetwork   
activex   
drivers32   
%ALLUSERSPROFILE%\Application Data\*.   
%ALLUSERSPROFILE%\Application Data\*.exe /s   
%APPDATA%\*.   
%APPDATA%\*.exe /s   
%temp%\.exe /s   
%SYSTEMDRIVE%\*.exe   
%systemroot%\*. /mp /s
%systemroot%\system32\consrv.dll
%systemroot%\system32\*.dll /lockedfiles   
%systemroot%\Tasks\*.job /lockedfiles   
%systemroot%\system32\drivers\*.sys /lockedfiles   
%systemroot%\System32\config\*.sav   
/md5start   
explorer.exe   
winlogon.exe   
wininit.exe
services.exe
/md5stop
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
CREATERESTOREPOINT   
nslookup www.google.fr /c   
SAVEMBR:0   
hklm\software\clients\startmenuinternet|command /rs   
hklm\software\clients\startmenuinternet|command /64 /rs    



* Clique sur le bouton Analyse.

NE PAS COPIER/COLLER LE RAPPORT ICI - DONNER LE LIEN PJJOINT
* Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer le rapport OTL.txt (et Extra.txt si présent), donne le ou les liens pjjoint qui pointent vers ces rapports ici dans un nouveau message. 
NE PAS COPIER/COLLER LE RAPPORT ICI - DONNER LE LIEN PJJOINT

Hilgurr · Answer

https://pjjoint.malekal.com/files.php?id=20130703_w11q13o10m8k12

https://pjjoint.malekal.com/files.php?id=20130703_i15f7l14s6n15

Malekal_morte- · Answer

Beaucoup de programmes parasites.


Télécharge http://general-changelog-team.fr/telechargements/logiciels/viewdownload/75-outils-de-xplode/28-adwcleaner AdwCleaner ( d'Xplode ) sur ton bureau (icone grise en bas à droite avec la flèche verte).
Lance le, clique sur [Suppression]  - je répète [SUPRESSION] puis patiente le temps du scan (Pas besoin de faire de Recherche avant).  
Une fois le scan fini, un rapport s'ouvrira. Poste le contenu du rapport dans ta prochaine réponse par un copier/coller.
Si cela ne fonctionne pas, utilise le site http://pjjoint.malekal.com pour héberger le rapport, donne le lien du rapport dans un nouveau message.

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt  


~~


Relance OTL. 
o sous Persfonnalisation (Custom Scan), copie_colle le contenu du cadre ci dessous (bien prendre :OTL en début).
Clic Correction (Fix), un rapport apparraitra, copie/colle le contenu ici:  

:OTL
[2012/09/10 19:41:43 | 000,000,000 | ---D | M] (uTorrentBar_FR) -- C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
[2013/05/16 20:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\ffxtlbr@babylon.com
[2012/07/21 23:49:51 | 000,000,000 | ---D | M] (fluschipranie) -- C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpack
[2012/08/31 00:50:43 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\OneClickDownload@OneClickDownload.com
[2012/08/07 21:08:50 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\plugin@yontoo.com
[2013/05/16 20:55:05 | 000,006,505 | ---- | M] () -- C:\Users\hilgurr\AppData\Roaming\mozilla\firefox\profiles\3j57a463.default\searchplugins\babylon.xml
[2013/05/16 20:55:05 | 000,006,505 | ---- | M] () -- C:\Users\hilgurr\AppData\Roaming\mozilla\firefox\profiles\3j57a463.default\searchplugins\BrowserProtect.xml
[2013/05/16 20:55:13 | 000,001,294 | ---- | M] () -- C:\Users\hilgurr\AppData\Roaming\mozilla\firefox\profiles\3j57a463.default\searchplugins\delta.xml
[2012/09/13 07:10:32 | 000,040,436 | ---- | M] () -- C:\Users\hilgurr\AppData\Roaming\mozilla\firefox\profiles\3j57a463.default\searchplugins\jerecherche.xml 
CHR - plugin: Conduit Chrome Approve TB Plugin (Enabled) = C:\Users\hilgurr\AppData\Local\Google\Chrome\User Data\Default\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib\2.3.19.11_0\plugins/ChromeApproveTBPlugin.dll **
CHR - plugin: Software Update (Enabled) = C:\Program Files (x86)\Software\Update\1.2.201.0
pSoftwareOneClick8.dll 
CHR - Extension: uTorrentBar_FR = C:\Users\hilgurr\AppData\Local\Google\Chrome\User Data\Default\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib\2.3.19.11_0\ 
O4 - HKLM..\Run: [Boxore Client] C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe (Boxore OU) 
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) 
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll File not found 
2013/07/02 13:10:54 | 000,000,000 | RHSD | C] -- C:\Users\hilgurr\M-5856932030585630204958
[2013/07/02 12:37:44 | 000,000,000 | RHSD | C] -- C:\Users\hilgurr\M-5820586829204950
[2013/07/02 00:23:02 | 000,000,000 | RHSD | C] -- C:\Users\hilgurr\M-10adeaaea592
[2013/06/30 20:42:55 | 000,000,000 | RHSD | C] -- C:\Users\hilgurr\M-38593585020495849
[2013/06/10 21:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Boxore
[2013/06/09 15:10:20 | 000,460,800 | ---- | M] () -- C:\Users\hilgurr\AppData\Roaming\driver\ass.exe
[2013/06/09 16:02:16 | 000,007,168 | ---- | M] (www.commandline.co.uk) -- C:\Users\hilgurr\AppData\Roaming\driver\chp.exe
[2013/06/19 21:36:32 | 000,065,849 | ---- | M] (Private) -- C:\Users\hilgurr\AppData\Roaming\driver\driver.exe 
[2012/09/09 14:30:23 | 000,000,000 | ---- | C] () -- C:\Users\hilgurr	mp1.36
[2013/06/13 11:08:04 | 000,000,000 | ---D | C] -- C:\Users\hilgurr\AppData\Roaming\protected 
 
* redemarre le pc sous windows et poste le rapport ici 


 ~~


Zip le dossier C:\_OTL
Ouvre Mon Ordinateur / Poste de travail => Disque C
Clic droit / Envoyer vers dossier compressé.
Cela va créer un fichier C:\_OTL.zip
Envoie ce fichier _OTL.zip sur http://upload.malekal.com

Hilgurr · Answer

rapport adwcleaner

# AdwCleaner v2.304 - Rapport créé le 03/07/2013 à 20:06:07
# Mis à jour le 03/07/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : hilgurr - HILGURR-PC
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\hilgurr\Desktop\AdwCleaner.exe
# Option [Suppression]


***** [Services] *****

Arrêté & Supprimé : supdate

***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Program Files (x86)\Boxore
Dossier Supprimé : C:\Program Files (x86)\Conduit
Dossier Supprimé : C:\Program Files (x86)\continuetosave
Dossier Supprimé : C:\Program Files (x86)\DAEMON Tools Toolbar
Dossier Supprimé : C:\Program Files (x86)\Software
Dossier Supprimé : C:\Program Files (x86)\Yontoo
Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\ProgramData\InstallMate
Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Dossier Supprimé : C:\ProgramData\Tarma Installer
Dossier Supprimé : C:\Users\chérie\AppData\LocalLow\Conduit
Dossier Supprimé : C:\Users\chérie\AppData\LocalLow\PriceGong
Dossier Supprimé : C:\Users\hilgurr\AppData\Local\Conduit
Dossier Supprimé : C:\Users\hilgurr\AppData\Local\Google\Chrome\User Data\Default\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib
Dossier Supprimé : C:\Users\hilgurr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbpohikckhbcljgombipcdoinkaedlfa
Dossier Supprimé : C:\Users\hilgurr\AppData\Local\PackageAware
Dossier Supprimé : C:\Users\hilgurr\AppData\LocalLow\Conduit
Dossier Supprimé : C:\Users\hilgurr\AppData\LocalLow\PriceGong
Dossier Supprimé : C:\Users\hilgurr\AppData\Roaming\Babylon
Dossier Supprimé : C:\Users\hilgurr\AppData\Roaming\ExpressFiles
Dossier Supprimé : C:\Users\hilgurr\AppData\Roaming\Mozilla\Firefox\Profiles\3j57a463.default\CT2851639
Dossier Supprimé : C:\Users\hilgurr\AppData\Roaming\Mozilla\Firefox\Profiles\3j57a463.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
Dossier Supprimé : C:\Users\hilgurr\AppData\Roaming\Mozilla\Firefox\Profiles\3j57a463.default\extensions\ffxtlbr@babylon.com
Dossier Supprimé : C:\Users\hilgurr\AppData\Roaming\Mozilla\Firefox\Profiles\3j57a463.default\extensions\OneClickDownload@OneClickDownload.com
Dossier Supprimé : C:\Users\hilgurr\AppData\Roaming\Mozilla\Firefox\Profiles\3j57a463.default\extensions\plugin@yontoo.com
Dossier Supprimé : C:\Users\hilgurr\AppData\Roaming\Mozilla\Firefox\Profiles\3j57a463.default\jetpack
Dossier Supprimé : C:\Users\hilgurr\AppData\Roaming\Mozilla\Firefox\Profiles\3j57a463.default\Smartbar
Dossier Supprimé : C:\Users\hilgurr\AppData\Roaming\OpenCandy
Dossier Supprimé : C:\Users\hilgurr\AppData\Roaming\yourfiledownloader
Fichier Supprimé : C:\Users\hilgurr\AppData\Roaming\Microsoft\Windows\Start Menu\Chat-Land Messenger.LNK
Fichier Supprimé : C:\Users\hilgurr\AppData\Roaming\Microsoft\Windows\Start Menu\Chat-Land site de chat et de rencontre gratuit.URL
Fichier Supprimé : C:\Users\hilgurr\AppData\Roaming\Mozilla\Firefox\Profiles\3j57a463.default\searchplugins\Babylon.xml
Fichier Supprimé : C:\Users\hilgurr\AppData\Roaming\Mozilla\Firefox\Profiles\3j57a463.default\searchplugins\BrowserProtect.xml
Fichier Supprimé : C:\Users\hilgurr\AppData\Roaming\Mozilla\Firefox\Profiles\3j57a463.default\searchplugins\delta.xml
Fichier Supprimé : C:\Users\hilgurr\AppData\Roaming\Mozilla\Firefox\Profiles\3j57a463.default\searchplugins\jerecherche.xml
Fichier Supprimé : C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job
Fichier Supprimé : C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job

***** [Registre] *****

Clé Supprimée : HKCU\Software\1ClickDownload
Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
Clé Supprimée : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Clé Supprimée : HKCU\Software\AppDataLow\Software\PriceGong
Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar
Clé Supprimée : HKCU\Software\AppDataLow\SProtector
Clé Supprimée : HKCU\Software\AutocompleteProBHO
Clé Supprimée : HKCU\Software\BabSolution
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\DataMngr_Toolbar
Clé Supprimée : HKCU\Software\ExpressFiles
Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\chat-land.org
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\YourFileDownloader
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Clé Supprimée : HKLM\Software\Babylon
Clé Supprimée : HKLM\Software\Boxore
Clé Supprimée : HKLM\SOFTWARE\Classes\1ClicktorrentFile
Clé Supprimée : HKLM\SOFTWARE\Classes\1ClicktorrentFile1
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{32451DFC-C23B-4E12-866C-FC7982238504}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Clé Supprimée : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Clé Supprimée : HKLM\Software\Classes\Installer\Features\64A6E60055D801F4BB8AC269354B72B8
Clé Supprimée : HKLM\Software\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8
Clé Supprimée : HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.software.oneclickctrl.8
Clé Supprimée : HKLM\SOFTWARE\Classes\oneclick
Clé Supprimée : HKLM\SOFTWARE\Classes\oneclickmg
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Classes\Software.OneClickCtrl.8
Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.CoreClass
Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.CoreClass.1
Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine
Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT2851639
Clé Supprimée : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Clé Supprimée : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Clé Supprimée : HKLM\Software\Conduit
Clé Supprimée : HKLM\Software\DataMngr
Clé Supprimée : HKLM\Software\ExpressFiles
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\boxore_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\boxore_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\offerbox_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\offerbox_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@www.dlmanager.net/omaha/tools//Software Update;version=8
Clé Supprimée : HKLM\Software\Offerbox
Clé Supprimée : HKLM\Software\SP Global
Clé Supprimée : HKLM\Software\SProtector
Clé Supprimée : HKLM\Software\VDownloader\OpenCandy
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\5b6d68ce06ebe41
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32451DFC-C23B-4E12-866C-FC7982238504}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AC5C4189-A8A0-4C9D-8910-C9CEF8360077}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Clé Supprimée : HKLM\Software\YourFileDownloader
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Valeur Supprimée : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Boxore Client]
Valeur Supprimée : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Navigateurs] *****

-\ Internet Explorer v10.0.9200.16618

Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www1.delta-search.com/?affID=120008&tt=gc_&babsrc=HP_ss&mntrId=008E2208CA7112FF --> hxxp://www.google.com
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://www.jerecherche.org/keyword/ --> hxxp://www.google.com
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Secondary_Page_URL] = hxxp://www.jerecherche.org --> hxxp://www.google.com
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page_bak] = hxxp://www.jerecherche.org --> hxxp://www.google.com
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - SearchMigratedDefaultName] = www.jerecherche.org --> hxxp://www.google.com
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - SearchMigratedDefaultURL] = hxxp://www.jerecherche.org --> hxxp://www.google.com
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://www.jerecherche.org --> hxxp://www.google.com

-\ Mozilla Firefox v20.0.1 (fr)

Fichier : C:\Users\hilgurr\AppData\Roaming\Mozilla\Firefox\Profiles\3j57a463.default\prefs.js

C:\Users\hilgurr\AppData\Roaming\Mozilla\Firefox\Profiles\3j57a463.default\user.js ... Supprimé !

Supprimée : user_pref("CT2851639.1000234.TWC_TMP_city", "PARIS");
Supprimée : user_pref("CT2851639.1000234.TWC_TMP_country", "FR");
Supprimée : user_pref("CT2851639.addressBarTakeOverEnabledInHidden", "true");
Supprimée : user_pref("CT2851639.autoDisableScopes", 14);
Supprimée : user_pref("CT2851639.cbcountry_001", "FR");
Supprimée : user_pref("CT2851639.cbfirsttime", "Tue Sep 11 2012 01:17:37 GMT+0200");
Supprimée : user_pref("CT2851639.defaultSearch", "FALSE");
Supprimée : user_pref("CT2851639.embeddedsData", "[{\"appId\":\"129351529700743801\",\"apiPermissions\":{\"cross[...]
Supprimée : user_pref("CT2851639.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Supprimée : user_pref("CT2851639.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Supprimée : user_pref("CT2851639.enableAlerts", "always");
Supprimée : user_pref("CT2851639.enableSearchFromAddressBar", "FALSE");
Supprimée : user_pref("CT2851639.Facebook_Mode", "2");
Supprimée : user_pref("CT2851639.Facebook_User_Locale", "fr");
Supprimée : user_pref("CT2851639.FirstTime", "true");
Supprimée : user_pref("CT2851639.firstTimeDialogOpened", "true");
Supprimée : user_pref("CT2851639.FirstTimeFF3", "true");
Supprimée : user_pref("CT2851639.fixPageNotFoundError", "true");
Supprimée : user_pref("CT2851639.fixPageNotFoundErrorInHidden", "true");
Supprimée : user_pref("CT2851639.fixUrls", true);
Supprimée : user_pref("CT2851639.installId", "fft23B2.tmp.exe");
Supprimée : user_pref("CT2851639.installType", "XPE");
Supprimée : user_pref("CT2851639.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Supprimée : user_pref("CT2851639.isNewTabEnabled", true);
Supprimée : user_pref("CT2851639.isPerformedSmartBarTransition", "true");
Supprimée : user_pref("CT2851639.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Supprimée : user_pref("CT2851639.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Supprimée : user_pref("CT2851639.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Supprimée : user_pref("CT2851639.openThankYouPage", "true");
Supprimée : user_pref("CT2851639.openUninstallPage", "FALSE");
Supprimée : user_pref("CT2851639.scriptSource", "hxxp://127.0.0.1:10000/gui/");
Supprimée : user_pref("CT2851639.search.searchAppId", "129351529700743801");
Supprimée : user_pref("CT2851639.search.searchCount", "0");
Supprimée : user_pref("CT2851639.searchInNewTabEnabledInHidden", "true");
Supprimée : user_pref("CT2851639.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Supprimée : user_pref("CT2851639.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Supprimée : user_pref("CT2851639.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Supprimée : user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Supprimée : user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Supprimée : user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Supprimée : user_pref("CT2851639.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Supprimée : user_pref("CT2851639.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Supprimée : user_pref("CT2851639.serviceLayer_services_appsMetadata_lastUpdate", "1347319052104");
Supprimée : user_pref("CT2851639.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1347319052203");
Supprimée : user_pref("CT2851639.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1347319053906");
Supprimée : user_pref("CT2851639.serviceLayer_services_login_10.10.27.6_lastUpdate", "1347319055419");
Supprimée : user_pref("CT2851639.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1347319053821");
Supprimée : user_pref("CT2851639.serviceLayer_services_searchAPI_lastUpdate", "1347319051244");
Supprimée : user_pref("CT2851639.serviceLayer_services_serviceMap_lastUpdate", "1347319050366");
Supprimée : user_pref("CT2851639.serviceLayer_services_toolbarContextMenu_lastUpdate", "1347319053866");
Supprimée : user_pref("CT2851639.serviceLayer_services_toolbarSettings_lastUpdate", "1347319051186");
Supprimée : user_pref("CT2851639.serviceLayer_services_translation_lastUpdate", "1347319052093");
Supprimée : user_pref("CT2851639.settingsINI", true);
Supprimée : user_pref("CT2851639.shouldFirstTimeDialog", "false");
Supprimée : user_pref("CT2851639.smartbar.CTID", "CT2851639");
Supprimée : user_pref("CT2851639.smartbar.toolbarName", "uTorrentBar_FR ");
Supprimée : user_pref("CT2851639.smartbar.Uninstall", "0");
Supprimée : user_pref("CT2851639.toolbarBornServerTime", "11-9-2012");
Supprimée : user_pref("CT2851639.toolbarCurrentServerTime", "11-9-2012");
Supprimée : user_pref("CT2851639.url_history0001", "hxxp://www.facebook.com/sgoti22?ref=stream:::clickhandler:::[...]
Supprimée : user_pref("CT2851639.UserID", "UN93729167254557939");
Supprimée : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,ezLooker,pagerage,buzzdock,top[...]
Supprimée : user_pref("extentions.y2layers.installId", "45dd9c1d-e6d0-4c60-bcdf-07ec7e0111c3");
Supprimée : user_pref("newtaburl.def_url", "hxxp://www.jerecherche.org/");

Fichier : C:\Users\chérie\AppData\Roaming\Mozilla\Firefox\Profiles\xhyailvf.default\prefs.js

Supprimée : user_pref("aol_toolbar.default.homepage.check", false);
Supprimée : user_pref("aol_toolbar.default.search.check", false);
Supprimée : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Supprimée : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Supprimée : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Supprimée : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Supprimée : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Supprimée : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Supprimée : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Supprimée : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Supprimée : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Supprimée : user_pref("sweetim.toolbar.searchguard.enable", "");

-\ Google Chrome v24.0.1312.57

Fichier : C:\Users\hilgurr\AppData\Local\Google\Chrome\User Data\Default\Preferences

Supprimée [l.12] : homepage = "hxxp://www1.delta-search.com/?affID=122304&tt=gc_&babsrc=HP_ss&mntrId=008E2208CA7[...]
Supprimée [l.2406] : homepage = "hxxp://www1.delta-search.com/?affID=122304&tt=gc_&babsrc=HP_ss&mntrId=008E2208CA7112[...]

Fichier : C:\Users\chérie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [21643 octets] - [03/07/2013 20:06:07]

########## EOF - C:\AdwCleaner[S1].txt - [21704 octets] ##########

Hilgurr · Answer

rapport otl

========== OTL ==========
Folder C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\ not found.
Folder C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\ffxtlbr@babylon.com\ not found.
C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpackesources\jid0-dg47y8cbsshh7eddmkeyb6phtn0-at-jetpack-fluschipranie-tests folder moved successfully.
C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpackesources\jid0-dg47y8cbsshh7eddmkeyb6phtn0-at-jetpack-fluschipranie-lib\_locales folder moved successfully.
C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpackesources\jid0-dg47y8cbsshh7eddmkeyb6phtn0-at-jetpack-fluschipranie-lib folder moved successfully.
C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpackesources\jid0-dg47y8cbsshh7eddmkeyb6phtn0-at-jetpack-fluschipranie-data\_locales folder moved successfully.
C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpackesources\jid0-dg47y8cbsshh7eddmkeyb6phtn0-at-jetpack-fluschipranie-data folder moved successfully.
C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpackesources\jid0-dg47y8cbsshh7eddmkeyb6phtn0-at-jetpack-api-utils-lib\windows folder moved successfully.
C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpackesources\jid0-dg47y8cbsshh7eddmkeyb6phtn0-at-jetpack-api-utils-lib\utils folder moved successfully.
C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpackesources\jid0-dg47y8cbsshh7eddmkeyb6phtn0-at-jetpack-api-utils-lib	raits folder moved successfully.
C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpackesources\jid0-dg47y8cbsshh7eddmkeyb6phtn0-at-jetpack-api-utils-lib	abs folder moved successfully.
C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpackesources\jid0-dg47y8cbsshh7eddmkeyb6phtn0-at-jetpack-api-utils-lib\events folder moved successfully.
C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpackesources\jid0-dg47y8cbsshh7eddmkeyb6phtn0-at-jetpack-api-utils-lib\dom folder moved successfully.
C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpackesources\jid0-dg47y8cbsshh7eddmkeyb6phtn0-at-jetpack-api-utils-lib\content folder moved successfully.
C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpackesources\jid0-dg47y8cbsshh7eddmkeyb6phtn0-at-jetpack-api-utils-lib folder moved successfully.
C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpackesources\jid0-dg47y8cbsshh7eddmkeyb6phtn0-at-jetpack-api-utils-data folder moved successfully.
C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpackesources\jid0-dg47y8cbsshh7eddmkeyb6phtn0-at-jetpack-addon-kit-lib folder moved successfully.
C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpackesources\jid0-dg47y8cbsshh7eddmkeyb6phtn0-at-jetpack-addon-kit-data folder moved successfully.
C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpackesources folder moved successfully.
C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpack\components folder moved successfully.
C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpack folder moved successfully.
Folder C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\OneClickDownload@OneClickDownload.com\ not found.
Folder C:\Users\hilgurr\AppData\Roaming\mozilla\Firefox\Profiles\3j57a463.default\extensions\plugin@yontoo.com\ not found.
File C:\Users\hilgurr\AppData\Roaming\mozilla\firefox\profiles\3j57a463.default\searchplugins\babylon.xml not found.
File C:\Users\hilgurr\AppData\Roaming\mozilla\firefox\profiles\3j57a463.default\searchplugins\BrowserProtect.xml not found.
File C:\Users\hilgurr\AppData\Roaming\mozilla\firefox\profiles\3j57a463.default\searchplugins\delta.xml not found.
File C:\Users\hilgurr\AppData\Roaming\mozilla\firefox\profiles\3j57a463.default\searchplugins\jerecherche.xml not found.
File C:\Users\hilgurr\AppData\Local\Google\Chrome\User Data\Default\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib\2.3.19.11_0\plugins/ChromeApproveTBPlugin.dll ** not found.
File C:\Program Files (x86)\Software\Update\1.2.201.0
pSoftwareOneClick8.dll not found.
File C:\Users\hilgurr\AppData\Local\Google\Chrome\User Data\Default\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib\2.3.19.11_0 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Boxore Client not found.
File C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
File C:\Program Files (x86)\Yontoo\YontooIEClient.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}\ not found.
C:\Users\hilgurr\M-5820586829204950 folder moved successfully.
C:\Users\hilgurr\M-10adeaaea592 folder moved successfully.
C:\Users\hilgurr\M-38593585020495849 folder moved successfully.
Folder C:\Program Files (x86)\Boxore\ not found.
C:\Users\hilgurr\AppData\Roaming\driver\ass.exe moved successfully.
C:\Users\hilgurr\AppData\Roaming\driver\chp.exe moved successfully.
C:\Users\hilgurr\AppData\Roaming\driver\driver.exe moved successfully.
C:\Users\hilgurr	mp1.36 moved successfully.
C:\Users\hilgurr\AppData\Roaming\protected folder moved successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 07032013_201631

Hilgurr · Answer

Je n'arrive pas as compresser le dossier OTL

Malekal_morte- · Answer

ok tant pis.

Pour info, tu avais aussi ce malware : https://www.malekal.com/backdoor-irc-snk-se-propage-par-skype/

Je te conseille de changer tes mots de passe (Facebook, mail etc).

~~


Installe Malwarebyte's Anti-Malware : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Fais des scans réguliers avec, il est efficace.


Sécurise ton PC !

Important - ton infection est venue par un exploit sur site web :   

Un exploit sur site WEB permet l'infection de ton ordinateur de manière automatiquement à la visite d'un site WEB qui a été hacké, il tire partie du fait que tu as des logiciels (Java, Adobe Reader etc) qui sont pas à jour et possèdent des vulnérabilités qui permettent l'execution de code (malicieux dans notre cas) à ton insu.  
Le fait de ne pas avoir des logiciels à jour et qui ont potentiellement des vulnérabilités permettent donc d'infecter ton système.  
Exemple avec : Exploit Java  

Il faut donc impérativement maintenir tes logiciels à jour afin de ne pas voir ces portes d'entrée sur ton système.
Tant que ces logiciels ne seront pas à jour, ton PC est vulnérable et les infections peuvent s'installer facilement.

IMPORTANT : mettre à jour tes programmes notamment Java/Adobe Reader et Flash : 
/faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite     
https://forum.malekal.com/viewtopic.php?t=15960&start=  

Désactive Java de tes navigateurs WEB  : https://www.commentcamarche.net/faq/35621-desactiver-java-sur-ses-navigateurs-web


Passe le mot à tes amis ! 

~~

Filtrer les PUPs/Adwares les plus fréquents avec HOSTS Anti-PUPs/Adwares : http://www.malekal.com/2012/01/10/hosts-anti-pupsadware/

~~

Le reste de la sécurité : http://forum.malekal.com/comment-securiser-son-ordinateur.html

Hilgurr · Answer

merci beaucoup !

Virus (TR/Sirefef.AH')

10 réponses

Discussions similaires