Mysearchdial ou newtab???Résolu/Fermé

Question

Bonjour, 
J'ai un soucis, quand j'ouvre un nouvel onglet ya un bidule new tab qui s'affiche. J'ai vu qu'il faisait parti de mysearchdial enfin je crois. Et comme je comprend les ordis aussi bien que le chinois bah je galère. Du coup est ce que vous auriez une astuce miraculeuse pour m'aider?

Merci d'avance :) 

Configuration: Windows 7 / Firefox 24.0

g3n-h@ckm@n · Accepted Answer

salut apprends le chinois lol ^^

==

 Télécharge et enregistre (lien direct) http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner ADWCleaner sur ton bureau :

Lance le,(Pour vista/7/8 => clic droit "executer en tant qu'administrateur") puis clique sur scan

une fois fait , clique sur nettoyer et poste C:\Adwcleaner[Sx].txt

j'aimelesordis · Answer

Merci pour la réponse super rapide ;)
Par contre bah j'ai encore ce ****** de truc a la c** !




# AdwCleaner v3.010 - Rapport créé le 26/10/2013 à 22:36:10
# Mis à jour le 20/10/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Camille - CAMILLE-HP
# Exécuté depuis : C:\Users\Camille\Downloads\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\Babylon
[!] Dossier Supprimé : C:\ProgramData\bProtector
Dossier Supprimé : C:\Users\Camille\AppData\Local\PackageAware
Dossier Supprimé : C:\Users\Camille\AppData\Roaming\Mysearchdial
Dossier Supprimé : C:\Users\Camille\AppData\Roaming\PerformerSoft
Fichier Supprimé : C:\Windows\System32oboot64.exe
Fichier Supprimé : C:\Users\Camille\AppData\Roaming\Mozilla\Firefox\Profiles\ok5m6xc8.default\bprotector_prefs.js
Fichier Supprimé : C:\Users\Camille\AppData\Roaming\Mozilla\Firefox\Profiles\ok5m6xc8.default\searchplugins\Mysearchdial.xml
Fichier Supprimé : C:\Users\Camille\AppData\Roaming\Mozilla\Firefox\Profiles\ok5m6xc8.default\user.js

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Clé Supprimée : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clé Supprimée : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Clé Supprimée : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Clé Supprimée : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing	oolbar_vit_sweetim_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing	oolbar_vit_sweetim_RASMANCS
Clé Supprimée : HKCU\Software\f57dbdee56ee817
Clé Supprimée : HKLM\SOFTWARE\f57dbdee56ee817
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_artrage_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_artrage_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKCU\Software\APN PIP
Clé Supprimée : HKCU\Software\bProtector
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\mysearchdial.com
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider
Clé Supprimée : HKLM\Software\Vittalia
Clé Supprimée : [x64] HKCU\Software\bProtector

***** [ Navigateurs ] *****

-\ Internet Explorer v10.0.9200.16720

Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\ Mozilla Firefox v24.0 (fr)

[ Fichier : C:\Users\Camille\AppData\Roaming\Mozilla\Firefox\Profiles\ok5m6xc8.default\prefs.js ]

Ligne Supprimée : user_pref("browser.search.order.1", "search the web (babylon)");
Ligne Supprimée : user_pref("extensions.crossrider.bic", "141e614461fdc74582637df3e4064706");
Ligne Supprimée : user_pref("extensions.mysearchdial.aflt", "irmsd103");
Ligne Supprimée : user_pref("extensions.mysearchdial.appid", "{ca5caa63-b27c-4963-9bec-cb16a36d56f8}");
Ligne Supprimée : user_pref("extensions.mysearchdial.cd", "2xzuyetn2y1l1qzuyd0c0a0cye0czz0etc0cydzy0a0bye0ftn0d0tzu0cycycydtn1l2xzutbtftbtfydtftctdybtdtn1l1czu1l1c1h1b1qtctdta");
Ligne Supprimée : user_pref("extensions.mysearchdial.cr", "791869926");
Ligne Supprimée : user_pref("extensions.mysearchdial.dfltlng", "");
Ligne Supprimée : user_pref("extensions.mysearchdial.dfltsrch", true);
Ligne Supprimée : user_pref("extensions.mysearchdial.dnserr", true);
Ligne Supprimée : user_pref("extensions.mysearchdial.exctlbr", false);
Ligne Supprimée : user_pref("extensions.mysearchdial.hmpg", true);
Ligne Supprimée : user_pref("extensions.mysearchdial.hmpgurl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2xzuyetn2y1l1qzuyd0c0a0cye0czz0etc0cydzy0a0bye0ftn0d0tzu0cycycydtn1l2xzutbtftbtfydtftctdybtdtn1l1czu1l1c1[...]
Ligne Supprimée : user_pref("extensions.mysearchdial.id", "5cac4c8e1c59ab4f");
Ligne Supprimée : user_pref("extensions.mysearchdial.instlday", "16004");
Ligne Supprimée : user_pref("extensions.mysearchdial.instlref", "");
Ligne Supprimée : user_pref("extensions.mysearchdial.newtaburl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2xzuyetn2y1l1qzuyd0c0a0cye0czz0etc0cydzy0a0bye0ftn0d0tzu0cycycydtn1l2xzutbtftbtfydtftctdybtdtn1l1czu1l1[...]
Ligne Supprimée : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Ligne Supprimée : user_pref("extensions.mysearchdial.prtnrid", "mysearchdial");
Ligne Supprimée : user_pref("extensions.mysearchdial.srchprvdr", "mysearchdial");
Ligne Supprimée : user_pref("extensions.mysearchdial.tlbrid", "base");
Ligne Supprimée : user_pref("extensions.mysearchdial.tlbrsrchurl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2xzuyetn2y1l1qzuyd0c0a0cye0czz0etc0cydzy0a0bye0ftn0d0tzu0cycycydtn1l2xzutbtftbtfydtftctdybtdtn1l1czu1[...]
Ligne Supprimée : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Ligne Supprimée : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Ligne Supprimée : user_pref("extensions.mysearchdial_i.hmpg", true);
Ligne Supprimée : user_pref("extensions.mysearchdial_i.newtab", false);
Ligne Supprimée : user_pref("extensions.mysearchdial_i.smplgrp", "none");
Ligne Supprimée : user_pref("extensions.mysearchdial_i.vrsnts", "1.8.21.021:17:34");

*************************

AdwCleaner[R0].txt - [8502 octets] - [26/10/2013 22:35:09]
AdwCleaner[S0].txt - [7698 octets] - [26/10/2013 22:36:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7758 octets] ##########

g3n-h@ckm@n · Answer

passe JRT : http://www.security-helpzone.com/gen-hackman/tutos-canneds/junkware-removal-tool/

j'aimelesordis · Answer

Voilà c'est chose faite :D Euh par contre j'ai l'impression d'avoir toujours une page chelou quand j'ouvre un nouvel onglet ce n'est pas du tout google par exemple. C'est normal?? En tout c'est bien gentil de répondre si vite, c'est la deuxième fois que je viens sur ce site et c'est toujours aussi efficace!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Camille on 26/10/2013 at 22:53:37,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bprotector
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-629253629-433374498-318185113-1001\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etype_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etype_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypesetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypesetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeuninstall_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeuninstall_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeupdate_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeupdate_rasmancs
Successfully deleted: [Registry Key] HKEY_USERS\.DEFAULT\Software\bProtector
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2202B886-12CD-E45A-B99F-060674ACF759}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{57127698-729E-9FD2-F4BC-6FF7F10E193F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8E56FF8C-76EE-4AA0-A43C-6B6BA1E94776}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2202B886-12CD-E45A-B99F-060674ACF759}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8E56FF8C-76EE-4AA0-A43C-6B6BA1E94776}



~~~ Files

Failed to delete: [File] "C:\Windows\syswow64\protector.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Camille\appdata\locallow\datamngr"



~~~ FireFox

Successfully deleted: [File] C:\Users\Camille\AppData\Roaming\mozilla\firefox\profiles\ok5m6xc8.default\bprotector_prefs.js
Emptied folder: C:\Users\Camille\AppData\Roaming\mozilla\firefox\profiles\ok5m6xc8.default\minidumps [150 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/10/2013 at 23:06:27,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

g3n-h@ckm@n · Answer

yes , on va fairre un diag pour faire sauter le reste :

fais OTL :

http://www.security-helpzone.com/gen-hackman/tutos-canneds/otl-2/

j'aimelesordis · Answer

http://cjoint.com/?CJAxRbnGo4K  (OTL)
http://cjoint.com/?CJAxRV2AW3C (extra)

J'ai crée des liens comme indiqué sur le site

j'aimelesordis · Answer

Et toujours cette page chelou
:(

g3n-h@ckm@n · Answer

ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !! 

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...." 

sur OTL.exe pour le lancer.


&#9654Copie la liste qui se trouve en gras ci-dessous,

&#9654 colle-la dans la zone sous "Personnalisation" :


:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
MOD - [2012/06/23 18:43:04 | 000,790,520 | ---- | M] () -- C:\Windows\SysWOW64\protector.dll     
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {57127698-729E-9FD2-F4BC-6FF7F10E193F}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{57127698-729E-9FD2-F4BC-6FF7F10E193F}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyD0C0A0CyE0Czz0EtC0CyDzy0A0ByE0FtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=791869926&ir=
FF - user.js - File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKU\S-1-5-21-629253629-433374498-318185113-1001\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - Startup: C:\Users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1     
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1     
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)     
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)     
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)     
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.25.2)     
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.25.2)     
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{675D6F69-400B-4017-BC38-8085ECA48EEB}: DhcpNameServer = 10.188.0.1 
O33 - MountPoints2\{449ed55b-8326-11e2-8c3e-b81766999922}\Shell - "" = AutoRun 
O33 - MountPoints2\{449ed55b-8326-11e2-8c3e-b81766999922}\Shell\AutoRun\command - "" = F:\LaunchU3.exe     
O33 - MountPoints2\{8737eacb-e1f0-11e0-b15a-c34b272f4f21}\Shell - "" = AutoRun 
O33 - MountPoints2\{8737eacb-e1f0-11e0-b15a-c34b272f4f21}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a     
O33 - MountPoints2\{c83f832b-daee-11e0-9fea-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{c83f832b-daee-11e0-9fea-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/12/10 11:40:41 | 000,242,304 | R--- | M] (Auralog)     
O33 - MountPoints2\G\Shell - "" = AutoRun 
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a     
[2013/10/26 21:17:36 | 000,351,112 | ---- | M] () -- C:\Users\Camille\AppData\Local\mysearchdial-speeddial.crx 
[2012/06/23 18:43:04 | 000,790,520 | ---- | C] () -- C:\Windows\SysWow64\protector.dll     
[2013/07/16 09:37:07 | 000,000,000 | ---D | M] -- C:\3f4679ca7fe079889b8ab4c513dc7f1c 
[2012/06/23 18:43:04 | 000,790,520 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\Windows\system32\protector.dll     


:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"=-
"QuickTime Task"=-
[-HKEY_CURRENT_USER\Software\bProtector] 
[-HKEY_CURRENT_USER\Software\fAfvfSfP [fVf#f" fEfBfU [fh'Å ¶ ¬'³'ê'½f  [fJf< fAfvfSfP [fVf#f"] 


:Files
C:\Windows\Temp\*

:commands
[emptytemp]

&#9654 Clique sur "Correction" pour lancer la suppression.


&#9654 Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.

j'aimelesordis · Answer

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
Process firefox.exe killed successfully!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{57127698-729E-9FD2-F4BC-6FF7F10E193F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57127698-729E-9FD2-F4BC-6FF7F10E193F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-629253629-433374498-318185113-1001\Software\Microsoft\Windows\CurrentVersion\Run\msnmsgr deleted successfully.
C:\Users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoActiveDesktopChanges deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{675D6F69-400B-4017-BC38-8085ECA48EEB}\DhcpNameServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{449ed55b-8326-11e2-8c3e-b81766999922}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{449ed55b-8326-11e2-8c3e-b81766999922}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{449ed55b-8326-11e2-8c3e-b81766999922}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{449ed55b-8326-11e2-8c3e-b81766999922}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8737eacb-e1f0-11e0-b15a-c34b272f4f21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8737eacb-e1f0-11e0-b15a-c34b272f4f21}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8737eacb-e1f0-11e0-b15a-c34b272f4f21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8737eacb-e1f0-11e0-b15a-c34b272f4f21}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c83f832b-daee-11e0-9fea-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c83f832b-daee-11e0-9fea-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c83f832b-daee-11e0-9fea-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c83f832b-daee-11e0-9fea-806e6f6e6963}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
C:\Users\Camille\AppData\Local\mysearchdial-speeddial.crx moved successfully.
C:\Windows\SysWOW64\protector.dll moved successfully.
C:\3f4679ca7fe079889b8ab4c513dc7f1c folder moved successfully.
File C:\Windows\system32\protector.dll not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\iTunesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task deleted successfully.
Registry key HKEY_CURRENT_USER\Software\bProtector\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\fAfvfSfP [fVf#f" fEfBfU [fh'Å ¶ ¬'³'ê'½f [fJf< fAfvfSfP [fVf#f"\ not found.
========== FILES ==========
C:\Windows\Temp\._msige61\program files\Google\Google Earth\plugin\shaders folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\plugines\flightsim\planet folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\plugines\flightsim\keyboard folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\plugines\flightsim\hud folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\plugines\flightsim\controller folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\plugines\flightsim\aircraft folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\plugines\flightsim folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\plugines folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\plugin\lang folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\optimizations folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20 folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\plugin folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\client\shaders folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\clientes\flightsim\planet folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\clientes\flightsim\keyboard folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\clientes\flightsim\hud folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\clientes\flightsim\controller folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\clientes\flightsim\aircraft folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\clientes\flightsim folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\clientes folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\client\Plugins folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\client\lang folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\client\imageformats folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\client\alchemy\optimizations folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20 folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\client\alchemy folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth\client folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google\Google Earth folder moved successfully.
C:\Windows\Temp\._msige61\program files\Google folder moved successfully.
C:\Windows\Temp\._msige61\program files folder moved successfully.
C:\Windows\Temp\._msige61\LocalAppData\Google\Custom Buttons folder moved successfully.
C:\Windows\Temp\._msige61\LocalAppData\Google folder moved successfully.
C:\Windows\Temp\._msige61\LocalAppData folder moved successfully.
C:\Windows\Temp\._msige61 folder moved successfully.
C:\Windows\Temp\37180_updater.exe moved successfully.
C:\Windows\Temp\ACLM folder moved successfully.
C:\Windows\Temp\ACLM_GeneratedProxy.cs moved successfully.
C:\Windows\Temp\AdobeARM.log moved successfully.
C:\Windows\Temp\avast_ash\VLC Media Player folder moved successfully.
C:\Windows\Temp\avast_ash\QuickTime folder moved successfully.
C:\Windows\Temp\avast_ash\iTunes (64 Bit) folder moved successfully.
C:\Windows\Temp\avast_ash\Flash Player ActiveX folder moved successfully.
C:\Windows\Temp\avast_ash\Adobe AIR folder moved successfully.
C:\Windows\Temp\avast_ash folder moved successfully.
C:\Windows\Temp\cab_3392_2 moved successfully.
C:\Windows\Temp\cab_3392_3 moved successfully.
C:\Windows\Temp\cab_3392_4 moved successfully.
C:\Windows\Temp\cab_3392_5 moved successfully.
C:\Windows\Temp\cab_3392_6 moved successfully.
C:\Windows\Temp\cab_3740_2 moved successfully.
C:\Windows\Temp\cab_3740_3 moved successfully.
C:\Windows\Temp\cab_3740_4 moved successfully.
C:\Windows\Temp\cab_3740_5 moved successfully.
C:\Windows\Temp\cab_3740_6 moved successfully.
C:\Windows\Temp\cab_3908_2 moved successfully.
C:\Windows\Temp\cab_3908_3 moved successfully.
C:\Windows\Temp\cab_3908_4 moved successfully.
C:\Windows\Temp\cab_3908_5 moved successfully.
C:\Windows\Temp\cab_3908_6 moved successfully.
C:\Windows\Temp\cab_3908_7 moved successfully.
C:\Windows\Temp\cab_3908_8 moved successfully.
C:\Windows\Temp\cab_4960_2 moved successfully.
C:\Windows\Temp\cab_4960_3 moved successfully.
C:\Windows\Temp\cab_4960_4 moved successfully.
C:\Windows\Temp\cab_4960_5 moved successfully.
C:\Windows\Temp\cab_4960_6 moved successfully.
C:\Windows\Temp\cab_4960_7 moved successfully.
C:\Windows\Temp\cab_4960_8 moved successfully.
C:\Windows\Temp\cab_5100_2 moved successfully.
C:\Windows\Temp\cab_5100_3 moved successfully.
C:\Windows\Temp\cab_5100_4 moved successfully.
C:\Windows\Temp\cab_5100_5 moved successfully.
C:\Windows\Temp\cab_5100_6 moved successfully.
C:\Windows\Temp\cab_5100_7 moved successfully.
C:\Windows\Temp\cab_5100_8 moved successfully.
C:\Windows\Temp\cab_5656_2 moved successfully.
C:\Windows\Temp\cab_5656_3 moved successfully.
C:\Windows\Temp\cab_5656_4 moved successfully.
C:\Windows\Temp\cab_5656_5 moved successfully.
C:\Windows\Temp\cab_5656_6 moved successfully.
C:\Windows\Temp\cab_5704_2 moved successfully.
C:\Windows\Temp\cab_5704_3 moved successfully.
C:\Windows\Temp\cab_5704_4 moved successfully.
C:\Windows\Temp\cab_5704_5 moved successfully.
C:\Windows\Temp\cab_5704_6 moved successfully.
C:\Windows\Temp\cab_6680_2 moved successfully.
C:\Windows\Temp\cab_6680_3 moved successfully.
C:\Windows\Temp\cab_6680_4 moved successfully.
C:\Windows\Temp\cab_6680_5 moved successfully.
C:\Windows\Temp\cab_6680_6 moved successfully.
C:\Windows\Temp\cab_804_2 moved successfully.
C:\Windows\Temp\cab_804_3 moved successfully.
C:\Windows\Temp\cab_804_4 moved successfully.
C:\Windows\Temp\cab_804_5 moved successfully.
C:\Windows\Temp\cab_804_6 moved successfully.
C:\Windows\Temp\Cookies folder moved successfully.
C:\Windows\Temp\CPSSMasterCatalog.ini moved successfully.
C:\Windows\Temp\dd_clwireg.txt moved successfully.
C:\Windows\Temp\dd_dotNetFx40LP_Client_x86_x64fr_decompression_log.txt moved successfully.
C:\Windows\Temp\dd_dotNetFx40_Client_x86_x64_decompression_log.txt moved successfully.
C:\Windows\Temp\dd_NDP40-KB2468871-v2-x64_decompression_log.txt moved successfully.
C:\Windows\Temp\dd_SetupUtility.txt moved successfully.
C:\Windows\Temp\DMIB385.tmp moved successfully.
C:\Windows\Temp\DMIFC77.tmp moved successfully.
C:\Windows\Temp\dmiwu folder moved successfully.
C:\Windows\Temp\EDFB476F8DE7036409C1092BE2A04A92-Sigs folder moved successfully.
C:\Windows\Temp\Fichiers Internet temporaires\Content.IE5\PZIIB1WD folder moved successfully.
C:\Windows\Temp\Fichiers Internet temporaires\Content.IE5\PN2GDX1L folder moved successfully.
C:\Windows\Temp\Fichiers Internet temporaires\Content.IE5\LNVM13WR folder moved successfully.
C:\Windows\Temp\Fichiers Internet temporaires\Content.IE5\BIMAJ4OG folder moved successfully.
C:\Windows\Temp\Fichiers Internet temporaires\Content.IE5 folder moved successfully.
C:\Windows\Temp\Fichiers Internet temporaires folder moved successfully.
C:\Windows\Temp\fwtsqmfile00.sqm moved successfully.
C:\Windows\Temp\fwtsqmfile01.sqm moved successfully.
C:\Windows\Temp\fwtsqmfile02.sqm moved successfully.
C:\Windows\Temp\fwtsqmfile03.sqm moved successfully.
C:\Windows\Temp\fwtsqmfile04.sqm moved successfully.
C:\Windows\Temp\fwtsqmfile05.sqm moved successfully.
C:\Windows\Temp\fwtsqmfile06.sqm moved successfully.
C:\Windows\Temp\fwtsqmfile07.sqm moved successfully.
C:\Windows\Temp\fwtsqmfile08.sqm moved successfully.
C:\Windows\Temp\fwtsqmfile09.sqm moved successfully.
C:\Windows\Temp\fwtsqmfile10.sqm moved successfully.
C:\Windows\Temp\fwtsqmfile11.sqm moved successfully.
C:\Windows\Temp\fwtsqmfile12.sqm moved successfully.
C:\Windows\Temp\fwtsqmfile13.sqm moved successfully.
C:\Windows\Temp\fwtsqmfile14.sqm moved successfully.
C:\Windows\Temp\fwtsqmfile15.sqm moved successfully.
C:\Windows\Temp\fwtsqmfile16.sqm moved successfully.
C:\Windows\Temp\fwtsqmfile17.sqm moved successfully.
C:\Windows\Temp\fwtsqmfile18.sqm moved successfully.
C:\Windows\Temp\fwtsqmfile19.sqm moved successfully.
C:\Windows\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\Temp\FXSTIFFDebugLogFile.txt moved successfully.
C:\Windows\Temp\HealthCheckAC.xml moved successfully.
C:\Windows\Temp\History\History.IE5 folder moved successfully.
C:\Windows\Temp\History folder moved successfully.
C:\Windows\Temp\hppldcoi.log moved successfully.
C:\Windows\Temp\hpzFR5ha.chm moved successfully.
C:\Windows\Temp\hpzFR5ha.hlp moved successfully.
C:\Windows\Temp\IE20B2.tmp folder moved successfully.
C:\Windows\Temp\IE2AB0.tmp folder moved successfully.
C:\Windows\Temp\is4992.tmp moved successfully.
C:\Windows\Temp\is6AF8.tmp moved successfully.
C:\Windows\Temp\is88BF.tmp moved successfully.
C:\Windows\Temp\isC755.tmp moved successfully.
C:\Windows\Temp\isC7FF.tmp moved successfully.
C:\Windows\Temp\isF74A.tmp moved successfully.
C:\Windows\Temp\KB2468871v2_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2468871v2_20111028_062551624-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2468871v2_20111028_062551624.html moved successfully.
C:\Windows\Temp\KB2478663_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2478663_20111028_061418744-Microsoft .NET Framework 4 Client Profile FRA Language Pack-MSP1.txt moved successfully.
C:\Windows\Temp\KB2478663_20111028_061418744-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2478663_20111028_061418744.html moved successfully.
C:\Windows\Temp\KB2518870_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2518870_20111028_061821356-Microsoft .NET Framework 4 Client Profile FRA Language Pack-MSP1.txt moved successfully.
C:\Windows\Temp\KB2518870_20111028_061821356-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2518870_20111028_061821356.html moved successfully.
C:\Windows\Temp\KB2533523_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2533523_20111028_060940424-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2533523_20111028_060940424.html moved successfully.
C:\Windows\Temp\KB2539636_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2539636_20111028_194819638-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2539636_20111028_194819638.html moved successfully.
C:\Windows\Temp\KB2572078_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2572078_20111028_062149761-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2572078_20111028_062149761.html moved successfully.
C:\Windows\Temp\KB2600217_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2600217_20120228_161629428-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2600217_20120228_161629428.html moved successfully.
C:\Windows\Temp\KB2604121_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2604121_20120510_084541175-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2604121_20120510_084541175.html moved successfully.
C:\Windows\Temp\KB2633870_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2633870_20120215_222042590-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2633870_20120215_222042590.html moved successfully.
C:\Windows\Temp\KB2656351_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2656351_20120103_030104596-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2656351_20120103_030104596.html moved successfully.
C:\Windows\Temp\KB2656368v2_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2656368v2_20120613_132448977-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2656368v2_20120613_132448977.html moved successfully.
C:\Windows\Temp\KB2656368v2_20120619_232109368-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2656368v2_20120619_232109368.html moved successfully.
C:\Windows\Temp\KB2656368_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2656368_20120413_030423970-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2656368_20120413_030423970.html moved successfully.
C:\Windows\Temp\KB2656405_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2656405_20120510_085146595-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2656405_20120510_085146595.html moved successfully.
C:\Windows\Temp\KB2686827_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2686827_20120613_131716342-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2686827_20120613_131716342.html moved successfully.
C:\Windows\Temp\KB2686827_20120619_231342975-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2686827_20120619_231342975.html moved successfully.
C:\Windows\Temp\KB2729449_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2729449_20121115_030531376-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2729449_20121115_030531376.html moved successfully.
C:\Windows\Temp\KB2737019_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2737019_20121115_031218213-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2737019_20121115_031218213.html moved successfully.
C:\Windows\Temp\KB2742595_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2742595_20130109_030438900-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2742595_20130109_030438900.html moved successfully.
C:\Windows\Temp\KB2789642_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2789642_20130214_022211729-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2789642_20130214_022211729.html moved successfully.
C:\Windows\Temp\KB2804576_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2804576_20130515_220953719-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2804576_20130515_220953719.html moved successfully.
C:\Windows\Temp\KB2835393_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2835393_20130712_030139391-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2835393_20130712_030139391.html moved successfully.
C:\Windows\Temp\KB2836939v3_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2836939v3_20131011_114128688-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2836939v3_20131011_114128688.html moved successfully.
C:\Windows\Temp\KB2836939_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2836939_20130802_021427711-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2836939_20130802_021427711.html moved successfully.
C:\Windows\Temp\KB2840628v2_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2840628v2_20130816_143824910-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2840628v2_20130816_143824910.html moved successfully.
C:\Windows\Temp\KB2840628_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2840628_20130712_031134707-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2840628_20130712_031134707.html moved successfully.
C:\Windows\Temp\KB2858302v2_10.0.30319 folder moved successfully.
C:\Windows\Temp\KB2858302v2_20131011_114840656-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\Temp\KB2858302v2_20131011_114840656.html moved successfully.
C:\Windows\Temp\Microsoft .NET Framework 4 Client Profile Setup_20111027_091505954-MSI_netfx_Core_x64.msi.txt moved successfully.
C:\Windows\Temp\Microsoft .NET Framework 4 Client Profile Setup_20111027_091505954.html moved successfully.
C:\Windows\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319 folder moved successfully.
C:\Windows\Temp\Microsoft .NET Framework Client Profile Language Pack Setup_20111027_092017101-MSI_netfx_CoreLP_x64.msi.txt moved successfully.
C:\Windows\Temp\Microsoft .NET Framework Client Profile Language Pack Setup_20111027_092017101.html moved successfully.
C:\Windows\Temp\Microsoft .NET Framework Client Profile Language Pack Setup_4.0.30319 folder moved successfully.
C:\Windows\Temp\MpCmdRun.log moved successfully.
C:\Windows\Temp\MPInstrumentation folder moved successfully.
C:\Windows\Temp\MpSigStub.log moved successfully.
C:\Windows\Temp\MPTelemetrySubmit folder moved successfully.
C:\Windows\Temp\OutofProcReport126988.txt moved successfully.
C:\Windows\Temp\Plus-HD-3.5Installer_1382611617.log moved successfully.
C:\Windows\Temp\SDIAG_72cb6828-73a6-4885-b3a8-0df1b7fb23f2 folder moved successfully.
C:\Windows\Temp\SDIAG_d9e45820-547a-4f33-accb-29897785b099 folder moved successfully.
C:\Windows\Temp\TMP000000012E3BDA06D69EBEE4 moved successfully.
C:\Windows\Temp\TMP00000001921F57CA261F555F moved successfully.
C:\Windows\Temp\TMP00000001E4251FE1A46951AC moved successfully.
C:\Windows\Temp\TMP00000001F416C91DE57BE12F moved successfully.
C:\Windows\Temp\TMP0000000A5E7237086C120C82 moved successfully.
C:\Windows\Temp\TMP0000000E2FF4B84ED94FA6C0 moved successfully.
C:\Windows\Temp\TMP000000102D5E97E004314262 moved successfully.
C:\Windows\Temp\TMP00000021F65E62A06CB785E9 moved successfully.
C:\Windows\Temp\TMP0000005107562C502FF6EBCA moved successfully.
C:\Windows\Temp\TMP000000817339E7B308D0245E moved successfully.
C:\Windows\Temp\TMP000000BDAB269D863C1B5F27 moved successfully.
C:\Windows\Temp\TMP000000F8CA09FF0D5BB88149 moved successfully.
C:\Windows\Temp\TMP0000015EAC99D78BEC5586B5 moved successfully.
C:\Windows\Temp\TMP0000016833660A72C1D23267 moved successfully.
C:\Windows\Temp\TMP00000179304043D656CB7D4B moved successfully.
C:\Windows\Temp\TMP000001AB083AA6BB188B0F9C moved successfully.
C:\Windows\Temp\TMP0000020C0C6B2E80F0D299DD moved successfully.
C:\Windows\Temp\TMP0000025A6BAB0B0905DD7329 moved successfully.
C:\Windows\Temp\TMP000002AED5FEC4DBECDE8D05 moved successfully.
C:\Windows\Temp\TMP0000035735FD2EEFC57E5F95 moved successfully.
C:\Windows\Temp\TMP0000036A9F04C3217AD2FA81 moved successfully.
C:\Windows\Temp\TMP000003CF654A6B7621104455 moved successfully.
C:\Windows\Temp\TMP000003F552FC9BDDC2DEF52F moved successfully.
C:\Windows\Temp\TMP000003F98A55AF1D1544C02E moved successfully.
C:\Windows\Temp\TMP0000045894791E336A7E0848 moved successfully.
C:\Windows\Temp\TMP0000049CB9536117D40D7E7D moved successfully.
C:\Windows\Temp\TMP000004A2A33D5384B74467A5 moved successfully.
C:\Windows\Temp\TMP000004E510AEFD58B30A3FE4 moved successfully.
C:\Windows\Temp\TMP000004EAA9A4CE0E5399D54B moved successfully.
C:\Windows\Temp\TMP0000052459DDFDFB66277169 moved successfully.
C:\Windows\Temp\TMP00000776915B73916BDF5218 moved successfully.
C:\Windows\Temp\TMP000007BDD411FFC64550C703 moved successfully.
C:\Windows\Temp\TMP000008B293887CD73B42AC7A moved successfully.
C:\Windows\Temp\TMP000008D2B7366E6B0F6C1693 moved successfully.
C:\Windows\Temp\TS_BF39.tmp moved successfully.
C:\Windows\Temp\TS_C523.tmp moved successfully.
C:\Windows\Temp\TS_D079.tmp moved successfully.
C:\Windows\Temp\TS_D3E3.tmp moved successfully.
C:\Windows\Temp\TS_D403.tmp moved successfully.
C:\Windows\Temp\TS_DD08.tmp moved successfully.
C:\Windows\Temp\TS_DFC7.tmp moved successfully.
C:\Windows\Temp\TS_F08A.tmp moved successfully.
C:\Windows\Temp\TS_F240.tmp moved successfully.
C:\Windows\Temp\UDD1131.tmp moved successfully.
C:\Windows\Temp\UDD12F6.tmp moved successfully.
C:\Windows\Temp\WER3102.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WER3112.tmp.hdmp moved successfully.
C:\Windows\Temp\WER3572.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WER3573.tmp.hdmp moved successfully.
C:\Windows\Temp\WER3794.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WER37A4.tmp.hdmp moved successfully.
C:\Windows\Temp\WER3BBC.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WER3BBD.tmp.hdmp moved successfully.
C:\Windows\Temp\WER41C0.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WER41C1.tmp.hdmp moved successfully.
C:\Windows\Temp\WER5763.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WER5764.tmp.hdmp moved successfully.
C:\Windows\Temp\WER6AD7.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WER6AD8.tmp.hdmp moved successfully.
C:\Windows\Temp\WER7DA7.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WER7DB8.tmp.hdmp moved successfully.
C:\Windows\Temp\WER7DE7.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WER7E08.tmp.hdmp moved successfully.
C:\Windows\Temp\WER8A63.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WER8A74.tmp.hdmp moved successfully.
C:\Windows\Temp\WER9F6A.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WER9F7A.tmp.hdmp moved successfully.
C:\Windows\Temp\WERA075.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WERA085.tmp.hdmp moved successfully.
C:\Windows\Temp\WERA215.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WERA216.tmp.hdmp moved successfully.
C:\Windows\Temp\WERA402.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WERA403.tmp.hdmp moved successfully.
C:\Windows\Temp\WERAD65.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WERAD66.tmp.hdmp moved successfully.
C:\Windows\Temp\WERAE48.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WERAE59.tmp.hdmp moved successfully.
C:\Windows\Temp\WERCEF2.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WERCEF3.tmp.hdmp moved successfully.
C:\Windows\Temp\WERE2C6.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WERE2C7.tmp.hdmp moved successfully.
C:\Windows\Temp\WERF0C1.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WERF0D1.tmp.hdmp moved successfully.
C:\Windows\Temp\WERF353.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WERF363.tmp.hdmp moved successfully.
C:\Windows\Temp\WERF9DD.tmp.WERInternalMetadata.xml moved successfully.
C:\Windows\Temp\WERF9DE.tmp.hdmp moved successfully.
Folder move failed. C:\Windows\Temp\_avast_ scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Camille
->Temp folder emptied: 3074838987 bytes
->Temporary Internet Files folder emptied: 513895206 bytes
->Java cache emptied: 928490 bytes
->FireFox cache emptied: 115136987 bytes
->Flash cache emptied: 150110 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 175992 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12060 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42321791 bytes
RecycleBin emptied: 1683783 bytes
 
Total Files Cleaned = 3 576,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10272013_104335

Files\Folders moved on Reboot...
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
Folder move failed. C:\Windows\Temp\_avast_ scheduled to be moved on reboot.
C:\Users\Camille\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Camille\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows	emp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

g3n-h@ckm@n · Answer

3.5 Go de gagnés !! ^^

'y'a une clé qui veut pas sauter

execute ceci :

http://www.security-helpzone.com/gen-hackman/pre_scan-2/canned-speech/

j'aimelesordis · Answer

Alors j'ai fais le truc seulement je ne trouve pas le rapport. Dans C:/ ya un dossier marqué pre_scan mais apres dedans je sais pas quel truc prendre

j'aimelesordis · Answer

Et ça veut dire que j'avais 3 go de trucs malveillant??

j'aimelesordis · Answer

Je l'ai refait ac une des extensions et ca donne ça :

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 3.1013 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 12:20:56

~ Update on 13/10/2013 | 12.30 by g3n-h@ckm@n
~ Evolution : http://security-helpzone.com/gen-hackman/pre_scan-2/changelog/2013-2/
~ Pre_Script Infos : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
~ Pre_scan Feedbacks : http://security-helpzone.com/gen-hackman/pre_scan-2/retours-bugs/

~ [Camille (Administrator)] - [CAMILLE-HP]
~ SID = S-1-5-21-629253629-433374498-318185113-1001

~ System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
~ ProcessorNameString : Intel(R) Pentium(R) CPU        P6100  @ 2.00GHz
~ Identifier : Intel64 Family 6 Model 37 Stepping 5


~ Memory RAM = Total (MB) : 3987 | Free (MB) : 3029
~ Pagefile = Total (MB) : 7973 | Free (MB) : 7054
~ Virtual = Total (MB) : 4194 | Free (MB) : 4045

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts

C:\Windows\Setup\Scripts\labelc2rdrive.exe
C:\Windows\Setup\Scripts\labelc2rdrive.exe.config
C:\Windows\Setup\Scripts\SetupComplete.cmd
C:\Windows\Setup\Scripts\OOBE.cmd

¤¤¤¤¤¤¤¤¤¤ | Drives

c:\ -> [Fixed] | [] | Total : 593070 Mo | Free : 535140 Mo -> NTFS
d:\ -> [Fixed] | [RECOVERY] | Total : 17110 Mo | Free : 2470 Mo -> NTFS
e:\ -> [CDROM] | [DV_L105DC_EN2_5] | Total : 7300 Mo | Free : 0 Mo -> CDFS

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

No windows updates detected !!! 

¤¤¤¤¤¤¤¤¤¤ | Security

g3n-h@ckm@n · Answer

pas normal , refais avec l'extension .pif en mode sans echec

j'aimelesordis · Answer

Comment je fais pour le faire en mode sans echec?

g3n-h@ckm@n · Answer

Comment aller en Mode sans échec :

Attention !!! : NE JAMAIS DEMARRER EN MODE SANS ECHEC AVEC L'UTILITAIRE MSCONFIG !!!!

&#9654 Redémarres ton ordi 
&#9654 Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
&#9654 Tu verras un écran avec options de démarrage apparaître 
&#9654 Choisis la première option : Sans Échec, et valide avec "Entrée" 
&#9654 Choisis ton compte habituel

j'aimelesordis · Answer

http://cjoint.com/?CJBtPXKtSR5

Voilà j'ai réussi a faire le truc (alléluia!!) par contre tjs la fenetre pourri

g3n-h@ckm@n · Answer

relance l'outil , clique sur diag , heberge le rapprot c:\pre_diag_xx_xx_xx.txt sur https://www.cjoint.com/ et donne le lien

j'aimelesordis · Answer

http://cjoint.com/?CJBvY5eOHC7

:)

g3n-h@ckm@n · Answer

desinstalle norton online backup
desinstalle bing bar
désinstalle tout java

==========


 Fais analyser le(s) fichier(s) suivants sur Virustotal :

Virus Total

    clique sur "Parcourir" et trouve puis selectionne ce(s) fichier(s) :

C:\Windows\asr3232.dll 


    * Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
    * Lorsque l'analyse est terminée colle le lien de(s)( la) page(s)  dans ta prochaine réponse.

==========

sélectionne ce texte en gras , puis CTRL + C :

Kill::
All

Key::
[HKU\S-1-5-21-629253629-433374498-318185113-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]|[Locked]
[HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}] 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62FF0C5D-A537-4458-BBDC-C3CFAB1807F9}]
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}]
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62FF0C5D-A537-4458-BBDC-C3CFAB1807F9}] 
[HKU\S-1-5-21-629253629-433374498-318185113-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079a25-328f-4bd4-be04-00955acaa0a7},]     
[HKU\S-1-5-21-629253629-433374498-318185113-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0},]     
[HKU\S-1-5-21-629253629-433374498-318185113-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]     


File|Fold::
C:\Windows\System32\Tasks\CreateChoiceProcessTask     

MBR::
yes   

Clean::
yes

reboot::
yes

Relance Pre_scan puis choisis l'option « Script« L'outil va travailler instantanément
des fenetres noires risquent de clignoter , c'est normal , c'est le programme qui travaille
poste Pre_Script_date_heure.txt qui apparaitra à la racine du disque systeme (généralement c:\) en fin de travail

j'aimelesordis · Answer

https://www.virustotal.com/fr/file/0cc16592d720c9f5b518f53f18128cac000419336c61ef46d02c05a6574b7954/analysis/



et la suite :)


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script | 3.1013 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Camille : Windows 7 Home Premium (64 bits)
Switchs : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
New restorepoint created
Script : 22:22:04
Boot : Normal  
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ | Processes stopped
(1152) -- wlanext.exe
(1184) -- wisptis.exe
(1512) -- spoolsv.exe
(1736) -- armsvc.exe
(1764) -- AERTSr64.exe
(1808) -- AppleMobileDeviceService.exe
(1904) -- wisptis.exe
(1964) -- explorer.exe
(1984) -- taskhost.exe
(1648) -- mDNSResponder.exe
(2096) -- ezSharedSvcHost.exe
(2172) -- HPWMISVC.exe
(2200) -- LSSrvc.exe
(2248) -- LMS.exe
(2504) -- Tablet.exe
(2572) -- WLIDSVC.EXE
(2696) -- WLIDSVCM.EXE
(2804) -- TabUserW.exe
(2820) -- Tablet.exe
(2916) -- SearchIndexer.exe
(3088) -- SynTPEnh.exe
(3284) -- RtkNGUI64.exe
(3316) -- igfxtray.exe
(3340) -- hkcmd.exe
(3352) -- igfxpers.exe
(3368) -- LightScribeControlPanel.exe
(3376) -- FacebookUpdate.exe
(3392) -- Skype.exe
(3464) -- IAStorIcon.exe
(3604) -- HPMSGSVC.exe
(3624) -- hpqWmiEx.exe
(1148) -- SynTPHelper.exe
(4120) -- wmpnetwk.exe
(4820) -- HPAdvisor.exe
(2728) -- PresentationFontCache.exe
(564) -- HPSA_Service.exe
(3176) -- HPWA_Service.exe
(4412) -- IAStorDataMgrSvc.exe
(3200) -- UNS.exe
(3248) -- HPWA_Main.exe
(6432) -- ctfmon.exe
(5920) -- msiexec.exe
(6176) -- firefox.exe
¤¤¤¤¤¤¤¤¤¤ | Registry Deletions : [HKU\S-1-5-21-629253629-433374498-318185113-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]|[Locked]
Value Deleted : HKU\S-1-5-21-629253629-433374498-318185113-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar : Locked
¤¤¤¤¤¤¤¤¤¤ | Registry Deletions : [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
Key Deleted : HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
¤¤¤¤¤¤¤¤¤¤ | Registry Deletions : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}
¤¤¤¤¤¤¤¤¤¤ | Registry Deletions : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62FF0C5D-A537-4458-BBDC-C3CFAB1807F9}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62FF0C5D-A537-4458-BBDC-C3CFAB1807F9}
¤¤¤¤¤¤¤¤¤¤ | Registry Deletions : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}]
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}
¤¤¤¤¤¤¤¤¤¤ | Registry Deletions : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62FF0C5D-A537-4458-BBDC-C3CFAB1807F9}]
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62FF0C5D-A537-4458-BBDC-C3CFAB1807F9}
¤¤¤¤¤¤¤¤¤¤ | Registry Deletions : [HKU\S-1-5-21-629253629-433374498-318185113-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079a25-328f-4bd4-be04-00955acaa0a7},]
Key Deleted : HKU\S-1-5-21-629253629-433374498-318185113-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079a25-328f-4bd4-be04-00955acaa0a7},
¤¤¤¤¤¤¤¤¤¤ | Registry Deletions : [HKU\S-1-5-21-629253629-433374498-318185113-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0},]
Key Deleted : HKU\S-1-5-21-629253629-433374498-318185113-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0},
¤¤¤¤¤¤¤¤¤¤ | Registry Deletions : [HKU\S-1-5-21-629253629-433374498-318185113-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
Key Deleted : HKU\S-1-5-21-629253629-433374498-318185113-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
¤¤¤¤¤¤¤¤¤¤ | Files | Folders : C:\Windows\System32\Tasks\CreateChoiceProcessTask
File Moved to quarantine successfully : C:\Windows\System32\Tasks\CreateChoiceProcessTask
¤¤¤¤¤¤¤¤¤¤ | MBR

64 bits Not supported by MBR.exe , Dump : Impossible to extract !!!!!
¤¤¤¤¤¤¤¤¤¤ | Disk cleaning
FreeSpace : 536087
Cleaning disk...
FreeSpace : 536083

¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤ | End : 22:22:20

g3n-h@ckm@n · Answer

toujours ton souci de fenetre ?

j'aimelesordis · Answer

oui :'(

j'aimelesordis · Answer

Si ça peut t'aider j'ai fais 2 captures ecran ou je clique droit et apres je fais propriétés de la page.

http://cjoint.com/?CJBwQw0Yl8Y
http://cjoint.com/?CJBwRRLfWvq

g3n-h@ckm@n · Answer

reinitialise firefox

https://forums.commentcamarche.net/forum/affich-37585758-reinitialiser-son-navigateur#reinitialiser-firefox

j'aimelesordis · Answer

Je viens de le reinitialiser et bah ça marche tjs pas je crois que je suis maudite !

g3n-h@ckm@n · Answer

tu voudrais quoi sur le nouvel ongleet ? que ca s'ouvre sur google ?

j'aimelesordis · Answer

Bah ouais c'est ça :)

g3n-h@ckm@n · Answer

ouvre un nouvel onglet et dans la barre d'adresse tape 

about:config

clique sur oui je ferai attention

dans la barre de recherche tape :

newtab

double clique sur "browser.newtab.url"

rentre comme donnée :

https://www.google.fr/?gws_rd=ssl

valide , ferme l'onglet , puis ouvre un nouvel onglet , normalement il s'ouvre sur google

j'aimelesordis · Answer

Merci beaucoup!!!! 
Enfin ça y est ! bon du coup tu m'as aidé à enlever plein de parasite de mon ordi si j'ai bien compris?
J'ai une dernière question, j'ai choppé mon problème en voulant télécharger format factory 3.2.0. du coup tu aurais un site sur pour télécharger un truc dans le genre sans qu'il m'installe tout les trucs chiants?

g3n-h@ckm@n · Answer

s'il l'a installé les trucs chiants c'est que tu n'as pas lu pendant le procédé d'installation de FF et pas décoché ou "décliné" les programmes qui ne t'interessent pas ) 
 
¤¤¤¤¤_Pre_Scan_Concept_¤¤¤¤¤
Attention ne télécharger les programmes uniquement que sur le site de l'éditeur......si je suis absent merci d'écouter uniquement JUJU666

j'aimelesordis · Answer

Bah si justement j'ai tout bien décoché car la première fois que j'ai du demander de l'aide sur ce forum c'est parce que j'avais pas lu les trucs et decoché. Là j'ai fait super gaffe et il me les a quand meme installé. Bon au pire jdemande à un pote de l'installer sur son ordi ;) 
En tout cas merci beaucoup de ton aide !!! Super forum, super efficace !

g3n-h@ckm@n · Answer

ok finis avec un grand menage tout de meme : http://www.security-helpzone.com/gen-hackman/nettoyage-en-fin-de-desinfection/

j'aimelesordis · Answer

# DelFix v10.4 - Rapport créé le 28/10/2013 à 15:38:26
# Mis à jour le 19/07/2013 par Xplode
# Nom d'utilisateur : Camille - CAMILLE-HP
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activation de l'UAC ... OK

~ Suppression des outils de désinfection ...

Supprimé : C:\_OTL
Supprimé : C:\pre_scan
Supprimé : C:\ZHP
Supprimé : C:\Program Files (x86)\ZHPDiag
Supprimé : C:\Pre_Diag_27_10_2013_21_48_57.txt
Supprimé : C:\Pre_Scan_27_10_2013_19_36_36.txt
Supprimé : C:\Pre_script_22_22_21.txt
Supprimée : HKCU\Software\g3n-h@ckm@n
Supprimée : HKLM\SOFTWARE\OldTimer Tools
Supprimée : HKLM\SOFTWARE\AdwCleaner
Supprimée : HKLM\SOFTWARE\g3n-h@ckm@n

~ Sauvegarde de la base de registre ... OK

~ Purge de la restauration système ...

Supprimé : RP #265 [Windows Update | 10/15/2013 11:53:33]
Supprimé : RP #266 [Windows Update | 10/22/2013 07:46:48]
Supprimé : RP #267 [Supprimé Microsoft Visual C++ 2005 Redistributable | 10/23/2013 11:40:29]
Supprimé : RP #268 [Supprimé Microsoft Visual C++ 2005 Redistributable | 10/23/2013 11:41:47]
Supprimé : RP #269 [Windows Update | 10/25/2013 10:27:46]
Supprimé : RP #270 [OTL Restore Point - 26/10/2013 23:17:51 | 10/26/2013 21:17:55]
Supprimé : RP #271 [Removed Norton Online Backup | 10/27/2013 21:10:58]
Supprimé : RP #272 [Removed Java 7 Update 25 | 10/27/2013 21:14:17]
Supprimé : RP #273 [Removed Java(TM) 6 Update 20 (64-bit) | 10/27/2013 21:15:14]
Supprimé : RP #274 [Removed Java(TM) 6 Update 35 | 10/27/2013 21:16:18]
Supprimé : RP #275 [Installed Java 7 Update 45 | 10/28/2013 13:54:01]

Nouveau point de restauration créé !

~ Réinitialisation des paramètres système ... OK

########## - EOF - ##########

g3n-h@ckm@n · Answer

bien :)

j'aimelesordis · Answer

Voilà j'ai tout fait :D je suis super contente, mon ordi et tout propre maintenant !! ;) Merci encore pour ton aide !!!

g3n-h@ckm@n · Answer

;)

j'aimelesordis · Answer

Ah juste une dernière petite question. Depuis que j'ai fait le grand nettoyage et tout et que j'ai redémarrer mon ordi et bien je ne peux plus accéder à facebook, mais c'est le seul site. Donc je me demande si je n'ai pas supprimer en même temps des trucs important . Help again ?? ::$

g3n-h@ckm@n · Answer

ca fait quoi , ca dit quoi quand tu veux y accéder ?

j'aimelesordis · Answer

alors j'aiive à mettre mon identifiant et code puis page entièrement blanche ac url: https://www.facebook.com/?sk=lf et c'est tout aucun message d'erreur

g3n-h@ckm@n · Answer

ton flash player est bien à jour ?

j'aimelesordis · Answer

Oui dernière version 
Mais j'ai du le retélécharger après le nettoyage par contre.

g3n-h@ckm@n · Answer

as-tu bien ce signe devant l'url ?

http://cjoint.com/data3/3JDlRwxV6Cg.htm

j'aimelesordis · Answer

non j'ai juste le petit cadenas pas l'espece de lego (:$)

g3n-h@ckm@n · Answer

avec quel navigateur es-tu ?

j'aimelesordis · Answer

firefox

g3n-h@ckm@n · Answer

bizarre moi aussi...

j'aimelesordis · Answer

D'ailleur ce "lego" je ne l'ai sur aucune url. 
Et avant d'éteindre mon ordi hier soir, fb marchait correctement

g3n-h@ckm@n · Answer

tu es bien allé le chercher avec firefox , flash player ?

j'aimelesordis · Answer

oui

j'aimelesordis · Answer

Euh soudain ça remarche alors je n'ai rien fait je comprend pas :) bon désolé de t'avoir embeter pour rien :D bonne journée et merci pour tout le temps que tu as pris pour moi

g3n-h@ckm@n · Answer

lol ^^ :)

Mysearchdial ou newtab???

52 réponses

Discussions similaires

Newsletters