How to remove the win32:sirefef virus...

 

shoute2002
Occasional visitor (50 to 99 messages posted)
Posted on 23/06/2012 at 14:13:51

I have a computer running Vista with the avast antivirus. It is infected with 3 viruses that avast detects every 5 minutes. They are called win64:sirefef-A[trj], win32:malware-gen, win32:sirefef-AO[rtk]. Can someone help me remove these viruses?

 Thanks
 Celine

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 messages posted), confirmed helper
Posted on 23/06/2012 at 14:44:15

Hello shoute2002

 The viruses you mention are rootkits.

 Do this:

 Download load_tdsskiller by Loup Blanc to your Desktop

 http://support.kaspersky.com/d [...] killer.zip

 This tool is designed to automate various tasks offered by TDSSKiller, a fix from Kaspersky.

 Launch load_tdsskiller by double-clicking it. On Vista/Seven, right-click and run as administrator.

 Start the scan.

 http://nsa26.casimages.com/img/2011/01/27/11012708271111174.jpg

 If an entry is found, select CURE.

 Click Continue and restart the PC.

 http://img62.imageshack.us/img62/8674/tdsskillertraitement222.png
 You can retrieve the report by clicking Report.

 Post the report C:\TDSSKiller.version_date_heure_log.txt
 (C:\ is the partition containing the PC's OS).

 PS: in case you do not have Cure, select DELETE, continue and restart
 ;)


---------------
the urgent is done, the impossible is in progress
for miracles, allow for delays
shoute2002
Posted on 23/06/2012 at 15:56:32

 I did everything properly but the viruses are still there. I don't see how to post the report; there is no .txt file.

Profile: Security team
did80
Posted on 23/06/2012 at 16:30:28

Hi again, did tdsskiller find them or not?

 Do this:

 Download zhpdiag

 http://telechargement.zebulon.fr/zhpdiag.html

 Save the file to the Desktop (important)
 Run it (as administrator on Vista/7) to launch the installation wizard
 Update it by clicking the green arrow next to the screwdriver

 Scan the PC by clicking the magnifying glass icon

 Save the report with the floppy disk icon, which will appear at the end of the scan

 On Vista/Seven, UAC must be disabled

 Help with screenshots
 http://www.commentcamarche.net [...] -util(...)

 The report is very large and would be incomplete on the forum

 It has to be posted on www.cjoint.com

 1 Browse: zhpdiag.txt on the Desktop

 2 Upload

 3 Give me the resulting link, which looks like this
 http://cjoint.../3/8762ZHPDiag.txt ;)

shoute2002
Posted on 23/06/2012 at 16:49:23

 tdsskiller had indeed found infected files.
 Here is the result of the zhpdiag scan: http://cjoint.com/?BFxrUZnIqrd
Profile: Security team
did80
Posted on 23/06/2012 at 17:35:41

RE

"tdsskiller had indeed found infected files"

 Did you restart to delete them? Your report should be there.

 2/ zhpdiag: you are indeed infected, do this

 Select and copy the following blue lines
 
 


 Launch zhpfix

 Paste the lines with the H button

 Delete with the GO button

 Copy and paste the zhpfixreport  ;)



shoute2002
Posted on 23/06/2012 at 17:54:21

I had indeed restarted the computer after tdsskiller.

 Here is the report after following your advice. (The viruses are still there.) I hope you will find a solution.

 Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012
 Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-23-06-2012-18-47-38.txt
 Run by salva at 23/06/2012 18:47:38
 Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)
 Web site : http://www.premiumorange.com/z [...] hpfix.html
 Web site : http://nicolascoolman.skyrock.com/

 DELETED Folder: c:\users\salva\appdata\local\t​emp\babylontoolbar
 DELETED Folder: c:\users\salva\appdata\roaming​\mozilla\firefox\profiles\ywdi​qcpr.default\searchqutoolbar
 DELETE on Reboot Folder**: c:\program files\searchqu toolbar
 DELETE on Reboot Folder**: C:\Program Files\Conduit
 DELETE on Reboot Folder**: C:\Program Files\ConduitEngine
 DELETED Folder: c:\users\salva\appdata\locallo​w\conduit
 DELETED Folder: c:\users\salva\appdata\locallo​w\conduitengine
 DELETED Flash Cookies:
 DELETED Window Temporary:

 ========== File ==========
 DELETE on Reboot c:\program files\mozilla firefox\searchplugins\babylon.​xml
 DELETED File: c:\users\salva\appdata\local\d​adawtb_nav.dat (Adware.Navipromo)
 DELETED File: c:\users\salva\appdata\local\d​adawtb_navps.dat (Adware.Navipromo)
 NOT FOUND Folder/File: c:\users\salva\appdata\local\d​adawtb_nav.dat
 NOT FOUND Folder/File: c:\users\salva\appdata\local\d​adawtb_navps.dat
 DELETED File: c:\users\salva\appdata\local\t​emp\ob.exe
 DELETED File*: c:\users\salva\appdata\local\t​emp\offerboxsetup.exe
 NOT FOUND Folder/File: c:\users\salva\appdata\roaming​\babylon
 NOT FOUND Folder/File: c:\users\salva\appdata\roaming​\live-player
 NOT FOUND Folder/File: c:\users\salva\appdata\roaming​\mozilla\firefox\profiles\ywdi​qcpr.default\extensions\ffxtlb​r@babylon.com
 DELETED File: c:\users\salva\appdata\roaming​\mozilla\firefox\profiles\ywdi​qcpr.default\extensions\pdffor​ge@mybrowserbar.com
 DELETED File*: c:\users\salva\appdata\local\t​emp\nsk8538.tmp.conduitenginee​mbbed.exe
 DELETED Flash Cookies:
 DELETED Window Temporary:

 ========== Other ==========
 NOT SUPPORTED [HKCU\Software\Toolbar4Free


 ========== Summary ==========
 6 : Memory Process
 44 : Registry Key
 6 : Registry Value
 35 : Repertory
 14 : File
 49 : Browser Profiles
 1 : Other


 End of clean in 01mn 43s

 ========== Report File ==========
 C:\ZHP\ZHPFix[R1].txt - 23/06/2012 18:47:38 [13077]

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 messages posted) Confirmed helper
Posted on 23/06/2012 at 20:43:38

Re, so the rootkits are still there.

 Do this:

 Download Malwarebytes, free version
 http://www.malwarebytes.org/pr [...] bytes_free

 Update it
 Run a full scan

 If it finds infections (important):
  tick the boxes and remove the selection

 Copy and paste the report

 ;)


---------------
The urgent is done, the impossible is in progress;
for miracles, allow for delays
shoute2002
Occasionally present (50 to 99 messages posted)
Posted on 24/06/2012 at 12:53:49

Hello,
 the software found 7 infected files; we ticked everything and deleted everything, but they are still there. We installed the program in Spanish, sorry; I hope you will be able to understand what is written, otherwise ask me, I speak Spanish fluently.
 Here is the report:

 Malwarebytes Anti-Malware (Versión de Prueba) 1.61.0.1400
 www.malwarebytes.org

 Versión de la Base de Datos: v2012.06.24.01

 Windows Vista Service Pack 1 x86 NTFS
 Internet Explorer 7.0.6001.18000
 salva :: SALVA1 [administrador]

 Protección: Habilitado

 24/06/2012 11:02:02
 mbam-log-2012-06-24 (11-02-02).txt

 Tipos de Análisis: Análisis Completo
 Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
 Opciones de análisis desactivados: P2P
 Objetos examinados: 367561
 Tiempo transcurrido: 1 hora(s), 54 minuto(s), 31 segundo(s)

 Procesos en Memoria Detectados: 0
 (No se han detectado elementos maliciosos)

 Módulos de Memoria Detectados: 0
 (No se han detectado elementos maliciosos)

 Claves del Registro Detectados: 2
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PDF Reader (Adware.Agent) -> En cuarentena y eliminado con éxito.
 HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> En cuarentena y eliminado con éxito.

 Valores del Registro Detectados: 2
 HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> datos: C:\Users\salva\AppData\Local\{f047dbdd-b2be-cc46-5909-d77b87659e7c}\n. -> En cuarentena y eliminado con éxito.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> datos: C:\Windows\system32\regedit.exe -> En cuarentena y eliminado con éxito.

 Elementos de Datos del Registro Detectados: 0
 (No se han detectado elementos maliciosos)

 Carpetas Detectadas: 0
 (No se han detectado elementos maliciosos)

 Archivos Detectados: 3
 C:\$RECYCLE.BIN\S-1-5-21-1181917803-1492491666-595143016-1000\$R00O5MY.exe (PUP.BundleInstaller.4S) -> En cuarentena y eliminado con éxito.
 C:\Program Files\PDFReader\Uninstall\Uninstall.exe (Adware.Agent) -> En cuarentena y eliminado con éxito.
 C:\Users\salva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F49WU5OP\sh[1].exe (Adware.Agent) -> En cuarentena y eliminado con éxito.

 (fin)

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 messages posted) Confirmed helper
Posted on 24/06/2012 at 13:34:59

:hello: shoute2002

 Do this:

 Download AdwCleaner

  AdwCleaner HERE

 Download it. For Vista and Windows 7, the file must be launched with a right-click, "Run as administrator"

 Launch AdwCleaner.exe
 Accept the warning that follows
 Click "Recherche" (Search)

 Wait while the search runs

 Copy and paste onto the forum the report that appears at the end.

 It is also saved as (C:\AdwCleaner[R1].txt)
 Click "Quitter" (Quit)
 ;)

shoute2002
Occasionally present (50 to 99 messages posted)
Posted on 24/06/2012 at 13:40:17

Hello again,
 we had forgotten to restart the computer, and after doing so avast apparently no longer detects the viruses; I think that is a good sign. So I don't know whether it is still necessary to run AdwCleaner?

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 messages posted) Confirmed helper
Posted on 24/06/2012 at 15:19:53

Re, there was an infection, so we are going to do some cleanup.
 Run AdwCleaner ;)

shoute2002
Occasionally present (50 to 99 messages posted)
Posted on 24/06/2012 at 16:26:05

Re, here is the AdwCleaner result:

 # AdwCleaner v1.609 - Logfile created 06/24/2012 at 17:23:26
 # Updated 10/06/2012 by Xplode
 # Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
 # User : salva - SALVA1
 # Running from : C:\Users\salva\Desktop\adwcleaner.exe
 # Option [Search]



 AdwCleaner[R1].txt - [15797 octets] - [24/06/2012 17:23:26]

 ########## EOF - C:\AdwCleaner[R1].txt - [15926 octets] ##########

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 messages posted) Confirmed helper
Posted on 24/06/2012 at 20:10:25

OK shoute2002

 Run AdwCleaner again, this time with "Suppression" (Delete)
 Copy and paste C:\AdwCleaner[S1].txt ;)

shoute2002
Occasionally present (50 to 99 messages posted)
Posted on 24/06/2012 at 21:46:26

Good evening, here is the result. There is also a similar file [s2].


 # AdwCleaner v1.609 - Logfile created 06/24/2012 at 22:37:59
 # Updated 10/06/2012 by Xplode
 # Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
 # User : salva - SALVA1
 # Running from : C:\Users\salva\Desktop\adwcleaner.exe
 # Option [Delete]

shoute2002
Occasionally present (50 to 99 messages posted)
Posted on 24/06/2012 at 21:48:12

Here is also the result of that same file [s2]:

 # AdwCleaner v1.609 - Logfile created 06/24/2012 at 22:38:28
 # Updated 10/06/2012 by Xplode
 # Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
 # User : salva - SALVA1
 # Running from : C:\Users\salva\Desktop\adwcleaner.exe
 # Option [Delete]


 ***** [Services] *****

 Stopped & Deleted : Application Updater

 ***** [Files / Folders] *****

 Folder Deleted : C:\Users\salva\AppData\LocalLo​w\BabylonToolbar
 Folder Deleted : C:\Users\salva\AppData\LocalLo​w\Conduit
 Folder Deleted : C:\Users\salva\AppData\LocalLo​w\ConduitEngine
 Folder Deleted : C:\Users\salva\AppData\LocalLo​w\Search Settings
 Folder Deleted : C:\Users\salva\AppData\LocalLo​w\searchquband
 Folder Deleted : C:\Users\salva\AppData\LocalLo​w\Searchqutoolbar
 Folder Deleted : C:\Users\salva\AppData\Roaming​\BabylonToolbar
 Folder Deleted : C:\ProgramData\{B49A644A-1076-​4A3D-B124-DAA7862F2318}
 Folder Deleted : C:\ProgramData\Babylon
 Folder Deleted : C:\ProgramData\boost_interproc​ess
 Folder Deleted : C:\ProgramData\Microsoft\Windo​ws\Start Menu\Programs\DealPly
 Folder Deleted : C:\ProgramData\Microsoft\Windo​ws\Start Menu\Programs\Ilivid
 Folder Deleted : C:\Program Files\Application Updater
 Folder Deleted : C:\Program Files\BabylonToolbar
 Folder Deleted : C:\Program Files\Conduit
 Folder Deleted : C:\Program Files\ConduitEngine
 Folder Deleted : C:\Program Files\Dealio Toolbar
 Folder Deleted : C:\Program Files\DealPly
 Folder Deleted : C:\Program Files\Ilivid
 Folder Deleted : C:\Program Files\pdfforge Toolbar
 Folder Deleted : C:\Program Files\Search Settings
 Deleted on reboot : C:\Program Files\Searchqu Toolbar
 Folder Deleted : C:\Program Files\Windows iLivid Toolbar
 Folder Deleted : C:\Program Files\Common Files\spigot
 File Deleted : C:\Users\salva\AppData\Local\T​emp\Searchqu.ini
 File Deleted : C:\Users\salva\AppData\Local\T​emp\searchqutoolbar-manifest.x​ml
 File Deleted : C:\Users\salva\AppData\Local\T​emp\SetupDataMngr_Searchqu.exe
 File Deleted : C:\Users\salva\AppData\Roaming​\Mozilla\Firefox\Profiles\ywdi​qcpr.default\searchplugins\Sea​rch_Results.xml
 File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
 File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.​xml
 File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_R​esults.xml
 File Deleted : C:\Windows\system32\conduitEng​ine.tmp

 ***** [Registry] *****

 
  • Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.​CT1892250
Key Deleted : HKCU\Software\BabylonToolbar
 Key Deleted : HKCU\Software\DataMngr
 Key Deleted : HKCU\Software\DataMngr_Toolbar
 Key Deleted : HKCU\Software\AppDataLow\Softw​are\Conduit
 Key Deleted : HKCU\Software\AppDataLow\Softw​are\conduitEngine
 Key Deleted : HKCU\Software\AppDataLow\Softw​are\searchqutoolbar
 Key Deleted : HKCU\Software\AppDataLow\Softw​are\Search Settings
 Key Deleted : HKLM\SOFTWARE\Application Updater
 Key Deleted : HKLM\SOFTWARE\Babylon
 Key Deleted : HKLM\SOFTWARE\BabylonToolbar
 Key Deleted : HKLM\SOFTWARE\Conduit
 Key Deleted : HKLM\SOFTWARE\conduitEngine
 Key Deleted : HKLM\SOFTWARE\DataMngr
 Key Deleted : HKLM\SOFTWARE\DealPly
 Key Deleted : HKLM\SOFTWARE\pdfforge
 Key Deleted : HKLM\SOFTWARE\Search Settings
 Key Deleted : HKLM\SOFTWARE\SearchquMediabar​Tb
 Key Deleted : HKLM\SOFTWARE\Classes\b
 Key Deleted : HKLM\SOFTWARE\Classes\Babylon.​dskBnd
 Key Deleted : HKLM\SOFTWARE\Classes\Babylon.​dskBnd.1
 Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp​.appCore
 Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp​.appCore.1
 Key Deleted : HKLM\SOFTWARE\Classes\Conduit.​Engine
 Key Deleted : HKLM\SOFTWARE\Classes\escort.e​scrtBtn.1
 Key Deleted : HKLM\SOFTWARE\Classes\escort.e​scortIEPane
 Key Deleted : HKLM\SOFTWARE\Classes\escort.e​scortIEPane.1
 Key Deleted : HKLM\SOFTWARE\Classes\esrv.Bab​ylonESrvc
 Key Deleted : HKLM\SOFTWARE\Classes\esrv.Bab​ylonESrvc.1
 Key Deleted : HKLM\SOFTWARE\Classes\SearchQU​IEHelper.DNSGuard
 Key Deleted : HKLM\SOFTWARE\Classes\SearchQU​IEHelper.DNSGuard.1
 Key Deleted : HKLM\SOFTWARE\Classes\AppID\es​cort.DLL
 Key Deleted : HKLM\SOFTWARE\Classes\AppID\es​cortApp.DLL
 Key Deleted : HKLM\SOFTWARE\Classes\AppID\es​cortEng.DLL
 Key Deleted : HKLM\SOFTWARE\Classes\AppID\es​corTlbr.DLL
 Key Deleted : HKLM\SOFTWARE\Classes\AppID\es​rv.EXE
 Key Deleted : HKCU\Software\Google\Chrome\Ex​tensions\gaiilaahiahdejapggenm​dmafpmbipje
 Key Deleted : HKLM\SOFTWARE\Google\Chrome\Ex​tensions\gaiilaahiahdejapggenm​dmafpmbipje
 Key Deleted : HKLM\SOFTWARE\Google\Chrome\Ex​tensions\dhkplhfnhceodhffomolp​figojocbpcb
 Key Deleted : HKLM\SOFTWARE\Microsoft\Window​s\CurrentVersion\Uninstall\{83​AA2913-C123-4146-85BD-AD8F9397​1D39}
 Key Deleted : HKLM\SOFTWARE\Microsoft\Window​s\CurrentVersion\Uninstall\Bab​ylonToolbar
 Key Deleted : HKLM\SOFTWARE\Microsoft\Window​s\CurrentVersion\Uninstall\Dea​lPly
 Key Deleted : HKLM\SOFTWARE\Microsoft\Window​s\CurrentVersion\Uninstall\Sea​rchqu Toolbar
 Key Deleted : HKLM\SOFTWARE\Microsoft\Window​s\CurrentVersion\Uninstall\Win​dows Searchqu Toolbar
 Value Deleted : HKLM\SOFTWARE\Microsoft\Window​s\CurrentVersion\Run [DataMngr]
 Value Deleted : HKLM\SOFTWARE\Microsoft\Window​s\CurrentVersion\Run [SearchSettings]

 ***** [Internet Browsers] *****

 -\\ Internet Explorer v7.0.6001.18000

 [OK] Registry is clean.

 -\\ Mozilla Firefox v3.6 (es-ES)

 Profile name : default
 File : C:\Users\salva\AppData\Roaming​\Mozilla\Firefox\Profiles\ywdi​qcpr.default\prefs.js

 C:\Users\salva\AppData\Roaming​\Mozilla\Firefox\Profiles\ywdi​qcpr.default\user.js ... Deleted !

 Deleted : /*user_pref("browser.babylon.H​POnNewTab", "search.babylon.com" );*/
 Deleted : /*user_pref("browser.search.de​faultenginename", "Search the web (Babylon)" );*/
 Deleted : /*user_pref("browser.search.or​der.1", "Search the web (Babylon)" );*/
 Deleted : /*user_pref("browser.startup.h​omepage", "hxxp://search.babylon.com/?ba​bsrc=HP_def_cr&affID=110819" );[...]
 Deleted : /*user_pref("extensions.Babylo​nToolbar.admin", false);*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.aflt", "babsst" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.babExt", "" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.babTrack", "affID=110819" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.bbDpng", 21);*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.dfltLng", "en" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.dfltSrch", true);*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.hmpg", true);*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.id", "96e5a79500000000000000224350f​3b3" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.instlDay", "15495" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.instlRef", "sst" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.keyWordUrl", "hxxp://search.babylon.com/?af​fID=110819&babsrc=[...]
 Deleted : /*user_pref("extensions.Babylo​nToolbar.lastDP", 21);*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.lastVrsnTs", "1.5.3.1722:05:59" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.mntrFFxVrsn", "3.6" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.newTab", true);*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.newTabUrl", "hxxp://search.babylon.com/?ba​bsrc=NT_bb" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.noFFXTlbr", false);*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.prdct", "BabylonToolbar" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.propectorlck", 78867388);*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.prtkDS", 1);*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.prtnrId", "babylon" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.ptch_0717", true);*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.smplGrp", "none" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.srcExt", "ss" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.tlbrId", "tb9" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.vrsn", "1.5.3.17" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.vrsnTs", "1.5.3.1722:05:59" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar.vrsni", "1.5.3.17" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar_i.aflt", "babsst" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar_i.babExt", "" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar_i.babTrack", "affID=110819" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar_i.hardId", "96e5a79500000000000000224350f​3b3" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar_i.id", "96e5a79500000000000000224350f​3b3" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar_i.instlDay", "15495" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar_i.instlRef", "sst" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar_i.newTab", false);*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar_i.prdct", "BabylonToolbar" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar_i.prtnrId", "babylon" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar_i.smplGrp", "none" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar_i.srcExt", "ss" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar_i.tlbrId", "tb9" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar_i.vrsn", "1.5.3.17" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar_i.vrsnTs", "1.5.3.1722:05:59" );*/
 Deleted : /*user_pref("extensions.Babylo​nToolbar_i.vrsni", "1.5.3.17" );*/
 Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com​/sr?src=ffb&appid=169&systemid​=406&sr=0&q=" );

 -\\ Google Chrome v19.0.1084.56

 File : C:\Users\salva\AppData\Local\G​oogle\Chrome\User Data\Default\Preferences

 Deleted :       "name": "Search Results",
 Deleted :       "search_url": "hxxp://dts.search-results.com​/sr?src=crb&appid=164&systemid​=406&sr=0&q={searchT[...]
 Deleted :          "name": "Babylon ToolBar",
 Deleted :          "path": "C:\\Users\\salva\\AppData\\Lo​cal\\Google\\Chrome\\User Data\\Default\\Extensions\\[...]
 Deleted :          "name": "Babylon ToolBar"

 *************************

 AdwCleaner[R1].txt - [15928 octets] - [24/06/2012 17:23:26]
 AdwCleaner[S1].txt - [275 octets] - [24/06/2012 22:37:59]
 AdwCleaner[S2].txt - [16343 octets] - [24/06/2012 22:38:28]

 ########## EOF - C:\AdwCleaner[S2].txt - [16472 octets] ##########

did80 (security team)
Posted on 25/06/2012 at 09:22:42

Hi shoute2002

 OK, same procedure, this time with Ad-Remover

 download it

 http://www.donnemoilinfo.com/t [...] emover.php

 run a scan (search phase)

 copy/paste c:\ad_reportSCAN[1].txt  ;)


---------------
the urgent is done, the impossible is in progress
for miracles, allow extra time
shoute2002
Posted on 25/06/2012 at 21:53:39

Good evening,

 I imagine you already know, but the viruses are still there!!! Here is the result of the Ad-Remover scan.


 ======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

 Updated by TeamXscript on 12/04/11
 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
 website: http://www.teamxscript.org

 C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 22:49:59 on 25/06/2012, Normal boot

 Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86)
 salva@SALVA1 (ASUSTeK Computer Inc. F5GL)
 
 ============== SEARCH ==============


 File found: C:\Users\salva\AppData\Local\e​gpaxaja.bat

 Key found: HKLM\Software\Classes\CLSID\{2​37CF9CD-B1BC-4910-A3C3-0E3482A​FBA8C}
 Key found: HKLM\Software\Classes\CLSID\{A​A48660C-F6AE-4557-BC0D-6A8FED7​52C4F}
 Key found: HKLM\Software\Microsoft\Window​s\CurrentVersion\Ext\PreApprov​ed\{AA48660C-F6AE-4557-BC0D-6A​8FED752C4F}
 Key found: HKLM\SOFTWARE\Microsoft\Window​s\CurrentVersion\Uninstall\egp​axaja
 Key found: HKLM\Software\Live-Player
 Key found: HKLM\Software\Classes\Installe​r\Products\25F819738C578F74EAB​F83B9E8265BAD
 Key found: HKLM\Software\Microsoft\Window​s\CurrentVersion\Installer\Use​rdata\S-1-5-18\Products\25F819​738C578F74EABF83B9E8265BAD
 Key found: HKLM\Software\Microsoft\Intern​et Explorer\Low Rights\ElevationPolicy\{129C03​1B-AF30-4D05-A678-991B95598AC0​}

 Value found: HKCU\Software\Microsoft\Intern​et Explorer\Toolbar\WebBrowser|{4​F11ACBB-393F-4C86-A214-FF3D0D1​55CC3}


 ============== ADDITIONNAL SCAN ==============

 **** Mozilla Firefox Version [3.6 (es-ES)] ****

 Searchplugins\creativecommons.​xml (hxxp://search.creativecommons​.org/)
 Searchplugins\drae.xml ( hxxp://buscon.rae.es/draeI/Srv​ltGUIBusUsual)
 Searchplugins\eBay-es.xml (hxxp://rover.ebay.com/rover/1​/1185-51955-19398-1/4)
 Searchplugins\wikipedia-es.xml (hxxp://es.wikipedia.org/wiki/​Special:Search)
 Searchplugins\yahoo-es.xml (hxxp://es.search.yahoo.com/se​arch)

 -- C:\Users\salva\AppData\Roaming​\Mozilla\FireFox\Profiles\ywdi​qcpr.default --
 Prefs.js - browser.download.lastDir, C:\\Users\\salva\\Desktop\\ima​genes doc robert
 Prefs.js - browser.search.selectedEngine,
 Prefs.js - browser.startup.homepage_overr​ide.mstone, rv:1.9.2

 ==============================​==========

 **** Internet Explorer Version [7.0.6001.18000] ****

 HKCU_Main|Default_Page_URL - hxxp://www.google.com/ig/redir​ectdomain?brand=ASUS&bmod=ASUS
 HKCU_Main|SearchMigratedDefaul​tURL - hxxp://www.google.com/search?q​={searchTerms}&sourceid=ie7&rl​s=com.microsoft:en-US&ie=utf8&​oe=utf8
 HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink​/?LinkId=54896
 HKCU_Main|Start Page - hxxp://www.google.es/
 HKLM_Main|Default_Page_URL - hxxp://www.google.com/ig/redir​ectdomain?brand=ASUS&bmod=ASUS
 HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink​/?LinkId=54896
 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink​/?LinkId=54896
 HKLM_Main|Start Page - hxxp://www.google.com/ig/redir​ectdomain?brand=ASUS&bmod=ASUS
 HKLM_URLSearchHooks|{f04fed2f-​9027-4181-8a04-9fe3c26f2865} - "Media Plus Toolbar" (C:\Program Files\Media_Mule\tbMed2.dll)
 HKLM_URLSearchHooks|{0558df35-​d276-4dfb-88d9-c6398aeedf91} - "Softonic Espana FF Toolbar" (C:\Program Files\Softonic_Espana_FF\tbSof​t.dll)
 HKCU_SearchScopes\{9DF8E27A-E2​62-450B-B282-1695BC87C7AD} - "?" (?)
 HKCU_Toolbar\WebBrowser|{F04FE​D2F-9027-4181-8A04-9FE3C26F286​5} (C:\Program Files\Media_Mule\tbMed2.dll)
 HKCU_Toolbar\WebBrowser|{0558D​F35-D276-4DFB-88D9-C6398AEEDF9​1} (C:\Program Files\Softonic_Espana_FF\tbSof​t.dll)
 HKCU_Toolbar\WebBrowser|{4F11A​CBB-393F-4C86-A214-FF3D0D155CC​3} (x)
 HKLM_Toolbar|{f04fed2f-9027-41​81-8a04-9fe3c26f2865} (C:\Program Files\Media_Mule\tbMed2.dll)
 HKLM_Toolbar|{0558df35-d276-4d​fb-88d9-c6398aeedf91} (C:\Program Files\Softonic_Espana_FF\tbSof​t.dll)
 HKLM_Toolbar|{8E5E2654-AD2D-48​bf-AC2D-D17F00898D06} (C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dl​l)
 HKLM_ElevationPolicy\2df3e1e4-​a42d-4f01-a183-5ab8aa788894 - C:\Program Files\Softonic_Espana_FF\Softo​nic_Espana_FFToolbarHelper.exe (?)
 HKLM_ElevationPolicy\{129C031B​-AF30-4D05-A678-991B95598AC0} - C:\Program Files\ConduitEngine\ConduitEng​ineHelper.exe (x)
 HKLM_ElevationPolicy\{74351F14​-5437-4d87-805B-04D409B09976} - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
 HKLM_ElevationPolicy\{78F5EAD1​-B8FB-4AE0-BEEA-0BEDF826E9C9} - C:\PROGRA~1\WI371A~1\Datamngr\​ToolBar\dtUser.exe (x)
 HKLM_ElevationPolicy\{a00068b1​-1e4e-41c7-afa9-baeb9697e2b9} - C:\Program Files\Common Files\Research In Motion\AppLoader\Loader.exe (Research In Motion Limited)
 HKLM_ElevationPolicy\{B7929459​-60DB-4304-B89E-0B67B10D4C76} - C:\Program Files\Media_Mule\Media_MuleToo​lbarHelper1.exe (Conduit Ltd.)
 HKLM_ElevationPolicy\{F744E27F​-E74A-4CB9-8E1F-F91BA8023BCC} - C:\PROGRA~1\SEARCH~2\Datamngr\​ToolBar\dtUser.exe (x)
 BHO\{02478D38-C3F9-4efb-9B51-7​695ECA05670} (?)
 BHO\{0558df35-d276-4dfb-88d9-c​6398aeedf91} - "Softonic Espana FF Toolbar" (C:\Program Files\Softonic_Espana_FF\tbSof​t.dll)
 BHO\{06849E9F-C8D7-4D59-B87D-7​84B7D6BE0B3} - "Aplicación auxiliar de vínculos de Adobe PDF Reader" (C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\Ac​roIEHelper.dll)
 BHO\{5C255C8A-E604-49b4-9D64-9​0988571CECB} (?)
 BHO\{8E5E2654-AD2D-48bf-AC2D-D​17F00898D06} - "avast! WebRep" (C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dl​l)
 BHO\{9030D464-4C02-4ABF-8ECC-5​164760863C6} - "Windows Live Aplicación auxiliar de inicio de sesión" (C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)
 BHO\{f04fed2f-9027-4181-8a04-9​fe3c26f2865} - "Media Plus Toolbar" (C:\Program Files\Media_Mule\tbMed2.dll)

 ==============================​==========

 C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
 C:\Program Files\Ad-Remover\Backup: 1 File(s)

 C:\Ad-Report-SCAN[1].txt - 25/06/2012 22:50:14 (5652 Byte(s))

 End at: 22:51:17, 25/06/2012
 
 ============== E.O.F ==============

did80 (security team)
Posted on 25/06/2012 at 23:00:19

:hello: shoute2002, run Ad-Remover again in clean mode, then copy/paste

 C:\Ad-Report-CLEAN[1].txt

 We will dig deeper afterwards

 can you take a screenshot of the avast detection please  ;)


---------------
the urgent is done, the impossible is in progress
for miracles, allow extra time
shoute2002
Posted on 26/06/2012 at 06:57:38

Hello did80,
 here is the result of the Ad-Remover cleanup.


 ======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

 Updated by TeamXscript on 12/04/11
 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
 website: http://www.teamxscript.org

 C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 07:47:49 on 26/06/2012, Normal boot

 Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86)
 salva@SALVA1 (ASUSTeK Computer Inc. F5GL)
 
 ============== ACTION(S) ==============


 File deleted: C:\Users\salva\AppData\Local\e​gpaxaja.bat

 (!) -- Temporary files deleted.


 Key deleted: HKLM\Software\Classes\CLSID\{2​37CF9CD-B1BC-4910-A3C3-0E3482A​FBA8C}
 Key deleted: HKLM\Software\Classes\CLSID\{A​A48660C-F6AE-4557-BC0D-6A8FED7​52C4F}
 Key deleted: HKLM\Software\Microsoft\Window​s\CurrentVersion\Ext\PreApprov​ed\{AA48660C-F6AE-4557-BC0D-6A​8FED752C4F}
 Key deleted: HKLM\SOFTWARE\Microsoft\Window​s\CurrentVersion\Uninstall\egp​axaja
 Key deleted: HKLM\Software\Live-Player
 Key deleted: HKLM\Software\Classes\Installe​r\Products\25F819738C578F74EAB​F83B9E8265BAD
 Key deleted: HKLM\Software\Microsoft\Window​s\CurrentVersion\Installer\Use​rdata\S-1-5-18\Products\25F819​738C578F74EABF83B9E8265BAD
 Key deleted: HKLM\Software\Microsoft\Intern​et Explorer\Low Rights\ElevationPolicy\{129C03​1B-AF30-4D05-A678-991B95598AC0​}

 Value deleted: HKCU\Software\Microsoft\Intern​et Explorer\Toolbar\WebBrowser|{4​F11ACBB-393F-4C86-A214-FF3D0D1​55CC3}


 ============== ADDITIONNAL SCAN ==============

 **** Mozilla Firefox Version [3.6 (es-ES)] ****

 Searchplugins\creativecommons.​xml (hxxp://search.creativecommons​.org/)
 Searchplugins\drae.xml ( hxxp://buscon.rae.es/draeI/Srv​ltGUIBusUsual)
 Searchplugins\eBay-es.xml (hxxp://rover.ebay.com/rover/1​/1185-51955-19398-1/4)
 Searchplugins\wikipedia-es.xml (hxxp://es.wikipedia.org/wiki/​Special:Search)
 Searchplugins\yahoo-es.xml (hxxp://es.search.yahoo.com/se​arch)

 -- C:\Users\salva\AppData\Roaming​\Mozilla\FireFox\Profiles\ywdi​qcpr.default --
 Prefs.js - browser.download.lastDir, C:\\Users\\salva\\Desktop\\ima​genes doc robert
 Prefs.js - browser.search.selectedEngine,
 Prefs.js - browser.startup.homepage_overr​ide.mstone, rv:1.9.2

 ==============================​==========

 **** Internet Explorer Version [7.0.6001.18000] ****

 HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi​/redir.dll?prd=ie&pver=6&ar=ms​nhome
 HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi​/redir.dll?prd=ie&ar=iesearch
 HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink​/?linkid=54896
 HKCU_Main|Start Page - hxxp://fr.msn.com/
 HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink​/?LinkId=54896
 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi​/redir.dll?prd=ie&ar=iesearch
 HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.​htm
 HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi​/redir.dll?prd=ie&ar=iesearch
 HKLM_Main|Start Page - hxxp://fr.msn.com/
 HKLM_URLSearchHooks|{f04fed2f-​9027-4181-8a04-9fe3c26f2865} - "Media Plus Toolbar" (C:\Program Files\Media_Mule\tbMed2.dll)
 HKLM_URLSearchHooks|{0558df35-​d276-4dfb-88d9-c6398aeedf91} - "Softonic Espana FF Toolbar" (C:\Program Files\Softonic_Espana_FF\tbSof​t.dll)
 HKCU_SearchScopes\{9DF8E27A-E2​62-450B-B282-1695BC87C7AD} - "?" (?)
 HKCU_Toolbar\WebBrowser|{F04FE​D2F-9027-4181-8A04-9FE3C26F286​5} (C:\Program Files\Media_Mule\tbMed2.dll)
 HKCU_Toolbar\WebBrowser|{0558D​F35-D276-4DFB-88D9-C6398AEEDF9​1} (C:\Program Files\Softonic_Espana_FF\tbSof​t.dll)
 HKLM_Toolbar|{f04fed2f-9027-41​81-8a04-9fe3c26f2865} (C:\Program Files\Media_Mule\tbMed2.dll)
 HKLM_Toolbar|{0558df35-d276-4d​fb-88d9-c6398aeedf91} (C:\Program Files\Softonic_Espana_FF\tbSof​t.dll)
 HKLM_Toolbar|{8E5E2654-AD2D-48​bf-AC2D-D17F00898D06} (C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dl​l)
 HKLM_ElevationPolicy\2df3e1e4-​a42d-4f01-a183-5ab8aa788894 - C:\Program Files\Softonic_Espana_FF\Softo​nic_Espana_FFToolbarHelper.exe (?)
 HKLM_ElevationPolicy\{74351F14​-5437-4d87-805B-04D409B09976} - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
 HKLM_ElevationPolicy\{78F5EAD1​-B8FB-4AE0-BEEA-0BEDF826E9C9} - C:\PROGRA~1\WI371A~1\Datamngr\​ToolBar\dtUser.exe (x)
 HKLM_ElevationPolicy\{a00068b1​-1e4e-41c7-afa9-baeb9697e2b9} - C:\Program Files\Common Files\Research In Motion\AppLoader\Loader.exe (Research In Motion Limited)
 HKLM_ElevationPolicy\{B7929459​-60DB-4304-B89E-0B67B10D4C76} - C:\Program Files\Media_Mule\Media_MuleToo​lbarHelper1.exe (Conduit Ltd.)
 HKLM_ElevationPolicy\{F744E27F​-E74A-4CB9-8E1F-F91BA8023BCC} - C:\PROGRA~1\SEARCH~2\Datamngr\​ToolBar\dtUser.exe (x)
 BHO\{02478D38-C3F9-4efb-9B51-7​695ECA05670} (?)
 BHO\{0558df35-d276-4dfb-88d9-c​6398aeedf91} - "Softonic Espana FF Toolbar" (C:\Program Files\Softonic_Espana_FF\tbSof​t.dll)
 BHO\{06849E9F-C8D7-4D59-B87D-7​84B7D6BE0B3} - "Aplicación auxiliar de vínculos de Adobe PDF Reader" (C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\Ac​roIEHelper.dll)
 BHO\{5C255C8A-E604-49b4-9D64-9​0988571CECB} (?)
 BHO\{8E5E2654-AD2D-48bf-AC2D-D​17F00898D06} - "avast! WebRep" (C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dl​l)
 BHO\{9030D464-4C02-4ABF-8ECC-5​164760863C6} - "Windows Live Aplicación auxiliar de inicio de sesión" (C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)
 BHO\{f04fed2f-9027-4181-8a04-9​fe3c26f2865} - "Media Plus Toolbar" (C:\Program Files\Media_Mule\tbMed2.dll)

 ==============================​==========

 C:\Program Files\Ad-Remover\Quarantine: 1 File(s)
 C:\Program Files\Ad-Remover\Backup: 16 File(s)

 C:\Ad-Report-CLEAN[1].txt - 26/06/2012 07:47:57 (5511 Byte(s))
 C:\Ad-Report-SCAN[1].txt - 25/06/2012 22:50:14 (5790 Byte(s))

 End at: 07:49:49, 26/06/2012
 
 ============== E.O.F ==============

shoute2002
Posted on 26/06/2012 at 07:29:42

I don't know how to send a screenshot, so I am copying by hand what avast blocked

 name.......................      00000001.@
 original location..........      C:Windows/Instaler/(f047dbdd-b2be-cc46-5909-d77b87659e7c)/U
 virus......................       Win32:Malware-gen


 name.......................      80000000.@
 original location..........      C:Windows/Instaler/(f047dbdd-b2be-cc46-5909-d77b87659e7c)/U
 virus......................       Win64:Sirefef-A (Trj)


 name.......................      800000cb.@
 original location..........      C:Windows/Instaler/(f047dbdd-b2be-cc46-5909-d77b87659e7c)/U
 virus......................       Win32:Sirefef-AO (Rtk)

did80 (security team)
Posted on 26/06/2012 at 09:05:25

:hello: shoute2002

 do this


 Download

  OTL

 Double-click the OTL icon to launch it
 /!\ on Vista/Seven, right-click the OTL icon and choose "Run as administrator"

 * Make sure you have closed all running applications.

 * When the OTL window appears, make sure that in the "Report" section (top right) the "Minimal report" box is checked.

 * Copy and paste the contents of this quote into the lower part of OTL, "Customization"
 



 
 netsvcs
 %SYSTEMDRIVE%\*.exe
 /md5start
 eventlog.dll
 scecli.dll
 netlogon.dll
 cngaudit.dll
 sceclt.dll
 ntelogon.dll
 logevent.dll
 iaStor.sys
 nvstor.sys
 atapi.sys
 IdeChnDr.sys
 viasraid.sys
 AGP440.sys
 vaxscsi.sys
 nvatabus.sys
 viamraid.sys
 nvata.sys
 nvgts.sys
 iastorv.sys
 ViPrt.sys
 eNetHook.dll
 ahcix86.sys
 KR10N.sys
 vstor32.sys
 ahcix86s.sys
 nvrd32.sys
 /md5stop
 %systemroot%\*. /mp /s
 %systemroot%\system32\*.dll /lockedfiles
 %systemroot%\Tasks\*.job /lockedfiles
 




 * Click the "Scan" icon (top left).
 * Let the scan run to completion without using the PC
 * At the end of the scan, one or two reports will open: "OTL.Txt" and/or "Extras.Txt" (in some cases).
 * Copy and paste the report(s) into your reply please...
 * Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case
 Put the report here, because it takes up a lot of space.
 www.cjoint.com
 ;)


---------------
the urgent is done, the impossible is in progress
for miracles, allow extra time
shoute2002
Posted on 26/06/2012 at 22:09:36

Good evening did80,
 here is the result of the OTL scan. avast first detected it as a program that is not safe to use; we allowed it to run normally without any problem. At the end of the scan an error message was displayed:
 win32 erreur:code 23
 erreur de données (verification redondance cyclique)

 should all of the other programs installed earlier be removed, or only some of them?


 OTL logfile created on: 26/06/2012 22:25:38 - Run 1
 OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\salva\Desktop\antivir​us
 Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
 Internet Explorer (Version = 7.0.6001.18000)
 Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy
 
 3,00 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 65,64% Memory free
 6,20 Gb Paging File | 5,21 Gb Available in Paging File | 84,08% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
 Drive C: | 74,52 Gb Total Space | 13,37 Gb Free Space | 17,94% Space Free | Partition Type: NTFS
 Drive D: | 64,76 Gb Total Space | 36,56 Gb Free Space | 56,46% Space Free | Partition Type: NTFS
 
 Computer Name: SALVA1 | User Name: salva | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: Current user
 Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Processes (SafeList) ==========
 
 PRC - C:\Users\salva\Desktop\antivir​us\OTL.exe (OldTimer Tools)
 PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
 PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
 PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
 PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
 PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
 PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
 PRC - C:\Windows\AsScrPro.exe (ASUS)
 PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 PRC - C:\Program Files\CyberLink\Power2Go\CLMLS​vc.exe (CyberLink)
 PRC - C:\Program Files\ASUS\SmartLogon\smartlog​on.exe (ASUS)
 PRC - C:\Program Files\ASUS\SmartLogon\sensorsr​v.exe (ASUS)
 PRC - C:\Windows\System32\agrsmsvc.e​xe (Agere Systems)
 PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
 PRC - C:\Program Files\ATK Hotkey\HControlUser.exe ()
 PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
 PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
 
 
 ========== Modules (No Company Name) ==========
 
 MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
 MOD - C:\Program Files\WinRAR\rarext.dll ()
 MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll ()
 MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
 MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
 MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
 MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtGui4.dll ()
 MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtNetwork4.dll ()
 MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll ()
 MOD - C:\Program Files\CyberLink\Power2Go\CLMed​iaLibrary.dll ()
 MOD - C:\Program Files\CyberLink\Power2Go\CLMLS​vcPS.dll ()
 MOD - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
 MOD - C:\Program Files\ATK Hotkey\HControlUser.exe ()
 MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
 MOD - C:\Program Files\ATK Hotkey\MsgTran.dll ()
 
 
 ========== Win32 Services (SafeList) ==========
 
 SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveSh​are9.exe File not found
 SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
 SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
 SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
 SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.e​xe (Agere Systems)
 SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
 
 
 ========== Driver Services (SafeList) ==========
 
 DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
 DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
 DRV - (lvupdtio) -- C:\Program Files\ASUS\ASUS Live Update\SYS\lvupdtio.sys File not found
 DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
 DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mb​am.sys (Malwarebytes Corporation)
 DRV - (aswSnx) -- C:\Windows\System32\drivers\as​wSnx.sys (AVAST Software)
 DRV - (aswSP) -- C:\Windows\System32\drivers\as​wSP.sys (AVAST Software)
 DRV - (aswRdr) -- C:\Windows\System32\drivers\as​wRdr.sys (AVAST Software)
 DRV - (aswTdi) -- C:\Windows\System32\drivers\as​wTdi.sys (AVAST Software)
 DRV - (aswMonFlt) -- C:\Windows\System32\drivers\as​wMonFlt.sys (AVAST Software)
 DRV - (aswFsBlk) -- C:\Windows\System32\drivers\as​wFsBlk.sys (AVAST Software)
 DRV - (UsbserFilt) -- C:\Windows\System32\drivers\us​bser_lowerfltj.sys (Nokia)
 DRV - (upperdev) -- C:\Windows\System32\drivers\us​bser_lowerflt.sys (Nokia)
 DRV - (nmwcdc) -- C:\Windows\System32\drivers\cc​dcmbo.sys (Nokia)
 DRV - (nmwcd) -- C:\Windows\System32\drivers\cc​dcmb.sys (Nokia)
 DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pc​csmcfd.sys (Nokia)
 DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nv​lddmkm.sys (NVIDIA Corporation)
 DRV - (nvsmu) -- C:\Windows\System32\drivers\nv​smu.sys (NVIDIA Corporation)
 DRV - (NVENETFD) -- C:\Windows\System32\drivers\nv​mfdx32.sys (NVIDIA Corporation)
 DRV - (NVHDA) -- C:\Windows\System32\drivers\nv​hda32v.sys (NVIDIA Corporation)
 DRV - (kbfiltr) -- C:\Windows\System32\drivers\kb​filtr.sys ( )
 DRV - (CRFILTER) -- C:\Windows\System32\drivers\CR​FILTER.sys (Generic)
 DRV - (athr) -- C:\Windows\System32\drivers\at​hr.sys (Atheros Communications, Inc.)
 DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\sn​p2uvc.sys ()
 DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AG​RSM.sys (Agere Systems)
 DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
 DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
 DRV - (MTsensor) -- C:\Windows\System32\drivers\AT​KACPI.sys (ATK0100)
 DRV - (smserial) -- C:\Windows\System32\drivers\sm​serial.sys (Motorola Inc.)
 DRV - (RTL8169) -- C:\Windows\System32\drivers\Rt​lh86.sys (Realtek Corporation)
 
 
 ========== Standard Registry (SafeList) ==========
 
 
 ========== Internet Explorer ==========
 
 IE - HKLM\SOFTWARE\Microsoft\Intern​et Explorer\Main,Local Page = %SystemRoot%\system32\blank.ht​m
 IE - HKLM\SOFTWARE\Microsoft\Intern​et Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
 IE - HKLM\SOFTWARE\Microsoft\Intern​et Explorer\Main,Start Page = http://fr.msn.com/
 IE - HKLM\..\URLSearchHook: {0558df35-d276-4dfb-88d9-c6398​aeedf91} - C:\Program Files\Softonic_Espana_FF\tbSof​t.dll (Conduit Ltd.)
 IE - HKLM\..\URLSearchHook: {f04fed2f-9027-4181-8a04-9fe3c​26f2865} - C:\Program Files\Media_Mule\tbMed2.dll (Conduit Ltd.)
 IE - HKLM\..\SearchScopes,DefaultSc​ope = {9BB47C17-9C68-4BB3-B188-DD9AF​0FD2406}
 IE - HKLM\..\SearchScopes\{0633EE93​-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results [...] r:source?}
 IE - HKLM\..\SearchScopes\{67A2568C​-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?s [...] lz=1I7ASUS
 
 IE - HKCU\SOFTWARE\Microsoft\Intern​et Explorer\Main,Start Page = http://fr.msn.com/
 IE - HKCU\SOFTWARE\Microsoft\Intern​et Explorer\Main,StartPageCache = 1
 IE - HKCU\..\SearchScopes,DefaultSc​ope = {4ADE84E1-7BA2-48CB-A20B-989F0​9D62AAC}
 IE - HKCU\..\SearchScopes\${searchC​LSID}: "URL" = http://search.live.com/results [...] r:source?}
 IE - HKCU\..\SearchScopes\{4ADE84E1​-7BA2-48CB-A20B-989F09D62AAC}: "URL" = http://www.google.com/search?q [...] US_esES310
 IE - HKCU\Software\Microsoft\Window​s\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 IE - HKCU\Software\Microsoft\Window​s\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 ========== FireFox ==========
 
 FF - prefs.js..browser.search.param​.yahoo-fr: "chr-greentree_ff&type=971163&​ilc=12"
 FF - prefs.js..browser.search.selec​tedEngine: ""
 FF - prefs.js..extensions.enabledIt​ems: pdfforge@mybrowserbar.com:5.9
 FF - prefs.js..extensions.enabledIt​ems: wtxpcom@mybrowserbar.com:5.9
 FF - prefs.js..extensions.enabledIt​ems: {CAFEEFAC-0016-0000-0021-ABCDE​FFEDCBA}:6.0.21
 FF - prefs.js..extensions.enabledIt​ems: {CAFEEFAC-0016-0000-0023-ABCDE​FFEDCBA}:6.0.23
 FF - prefs.js..extensions.enabledIt​ems: ffxtlbr@babylon.com:1.2.0
 FF - prefs.js..extensions.enabledIt​ems: {1FD91A9C-410C-4090-BBCC-55D34​50EF433}:1.0
 FF - prefs.js..extensions.enabledIt​ems: {99079a25-328f-4bd4-be04-00955​acaa0a7}:4.6.1.01
 FF - prefs.js..extensions.enabledIt​ems: {EB9394A3-4AD6-4918-9537-31A1F​D8E8EDF}:2.0
 FF - user.js - File not found
 
 FF - HKLM\Software\MozillaPlugins\@​adobe.com/FlashPlayer: C:\Windows\system32\Macromed\F​lash\NPSWF32.dll ()
 FF - HKLM\Software\MozillaPlugins\@​Apple.com/iTunes,version=:  File not found
 FF - HKLM\Software\MozillaPlugins\@​Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
 FF - HKLM\Software\MozillaPlugins\@​divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
 FF - HKLM\Software\MozillaPlugins\@​java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin​\npjp2.dll (Sun Microsystems, Inc.)
 FF - HKLM\Software\MozillaPlugins\@​Microsoft.com/NpCtrl,version=1​.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl​.dll ( Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@​microsoft.com/OfficeLive,versi​on=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
 FF - HKLM\Software\MozillaPlugins\@​microsoft.com/WLPG,version=14.​0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@​microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Frame​work\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@​real.com/nppl3260;version=6.0.​11.3088: C:\Program Files\Real Alternative\browser\plugins\np​pl3260.dll (RealNetworks, Inc.)
 FF - HKLM\Software\MozillaPlugins\@​real.com/nprpjplug;version=6.0​.11.3006: C:\Program Files\Real Alternative\browser\plugins\np​rpjplug.dll (RealNetworks, Inc.)
 FF - HKLM\Software\MozillaPlugins\@​real.com/nsJSRealPlayerPlugin;​version=:  File not found
 FF - HKLM\Software\MozillaPlugins\@​tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111​\npGoogleUpdate3.dll (Google Inc.)
 FF - HKLM\Software\MozillaPlugins\@​tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111​\npGoogleUpdate3.dll (Google Inc.)
 
 FF - HKEY_LOCAL_MACHINE\software\mo​zilla\Firefox\Extensions\\bkmr​ksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/04/05 17:26:24 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mo​zilla\Firefox\Extensions\\wrc@​avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/06/21 21:59:09 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mo​zilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/10 19:20:36 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mo​zilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/10 19:20:36 | 000,000,000 | ---D | M]
 
 [2012/03/24 21:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\salva\AppData\Roaming​\mozilla\Extensions
 [2010/04/07 23:40:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\salva\AppData\Roaming​\mozilla\Extensions\home2@tomt​om.com
 [2012/06/23 18:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\salva\AppData\Roaming​\mozilla\Firefox\Profiles\ywdi​qcpr.default\extensions
 [2010/03/13 19:01:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\salva\AppData\Roaming​\mozilla\Firefox\Profiles\ywdi​qcpr.default\extensions\{20a82​645-c095-46ed-80e3-08825760534​b}
 [2012/03/24 21:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
 [2010/09/12 13:52:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0​016-0000-0021-ABCDEFFEDCBA}
 [2010/12/31 10:24:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0​016-0000-0023-ABCDEFFEDCBA}
 File not found (No name found) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
 File not found (No name found) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
 File not found (No name found) -- C:\PROGRAM FILES\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENS​ION
 File not found (No name found) -- C:\USERS\SALVA\APPDATA\ROAMING​\MOZILLA\FIREFOX\PROFILES\YWDI​QCPR.DEFAULT\EXTENSIONS\{99079​A25-328F-4BD4-BE04-00955ACAA0A​7}
 File not found (No name found) -- C:\USERS\SALVA\APPDATA\ROAMING​\MOZILLA\FIREFOX\PROFILES\YWDI​QCPR.DEFAULT\EXTENSIONS\{EB939​4A3-4AD6-4918-9537-31A1FD8E8ED​F}
 File not found (No name found) -- C:\USERS\SALVA\APPDATA\ROAMING​\MOZILLA\FIREFOX\PROFILES\YWDI​QCPR.DEFAULT\EXTENSIONS\FFXTLB​R@BABYLON.COM
 [2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.​dll
 [2010/01/16 02:53:55 | 000,003,996 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
 [2010/01/16 02:53:55 | 000,000,751 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-es.​xml
 [2010/01/16 02:53:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedi​a-es.xml
 [2010/01/16 02:53:55 | 000,000,798 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-es​.xml
 
 ========== Chrome  ==========
 
 CHR - Extension: No name found = C:\Users\salva\AppData\Local\G​oogle\Chrome\User Data\Default\Extensions\icmlae​flemplmjndnaapfdbbnpncnbda\7.0​.1426_0\
 
 O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\et​c\hosts
 O1 - Hosts: ::1             localhost
 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695E​CA05670} - No CLSID value found.
 O2 - BHO: (Softonic Espana FF Toolbar) - {0558df35-d276-4dfb-88d9-c6398​aeedf91} - C:\Program Files\Softonic_Espana_FF\tbSof​t.dll (Conduit Ltd.)
 O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7​D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\Ac​roIEHelper.dll (Adobe Systems Incorporated)
 O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988​571CECB} - No CLSID value found.
 O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F0​0898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dl​l (AVAST Software)
 O2 - BHO: (Media Plus Toolbar) - {f04fed2f-9027-4181-8a04-9fe3c​26f2865} - C:\Program Files\Media_Mule\tbMed2.dll (Conduit Ltd.)
 O3 - HKLM\..\Toolbar: (Softonic Espana FF Toolbar) - {0558df35-d276-4dfb-88d9-c6398​aeedf91} - C:\Program Files\Softonic_Espana_FF\tbSof​t.dll (Conduit Ltd.)
 O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F0​0898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dl​l (AVAST Software)
 O3 - HKLM\..\Toolbar: (Media Plus Toolbar) - {f04fed2f-9027-4181-8a04-9fe3c​26f2865} - C:\Program Files\Media_Mule\tbMed2.dll (Conduit Ltd.)
 O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
 O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Espana FF Toolbar) - {0558DF35-D276-4DFB-88D9-C6398​AEEDF91} - C:\Program Files\Softonic_Espana_FF\tbSof​t.dll (Conduit Ltd.)
 O3 - HKCU\..\Toolbar\WebBrowser: (Media Plus Toolbar) - {F04FED2F-9027-4181-8A04-9FE3C​26F2865} - C:\Program Files\Media_Mule\tbMed2.dll (Conduit Ltd.)
 O4 - HKLM..\Run: []  File not found
 O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
 O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
 O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
 O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
 O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
 O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLS​vc.exe (CyberLink)
 O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
 O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
 O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
 O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
 O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.d​ll (NVIDIA Corporation)
 O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITr​ansfer\MUIStartMenu.exe (CyberLink Corp.)
 O4 - HKLM..\Run: [RDesc]  File not found
 O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
 O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
 O4 - Startup: C:\Users\salva\AppData\Roaming​\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffi​ce.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe ()
 O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C5​71A8263} - C:\PROGRA~1\MICROS~2\Office12\​REFIEBAR.DLL (Microsoft Corporation)
 O10 - NameSpace_Catalog5\Catalog_Ent​ries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
 O13 - gopher Prefix: missing
 O16 - DPF: {0CCA191D-13A6-4E29-B746-314DE​E697D83} http://upload.facebook.com/con [...] oader5.cab (Facebook Photo Uploader 5 Control)
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05C​B959537} http://gfx2.hotmail.com/mail/w [...] des-es.cab (MSN Photo Upload Tool)
 O16 - DPF: {76956043-2F50-4BDC-B580-7C58F​B48C51D} https://www.fomento.es/asf41/cab/WebPdfAccess.cab (WPASigner Class)
 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE​305D968} http://upload.facebook.com/con [...] ader55.cab (Facebook Photo Uploader 5 Control)
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805​F499D93} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_23)
 O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829D​C0B603C} http://fpdownload.macromedia.c [...] rashim.cab (Reg Error: Key error.)
 O16 - DPF: {B178DBD1-25DF-4187-9BE0-05D12​3B91B98} https://www.fomento.es/asf41/cab/WebSigner2.cab (WSCryptoSystem Class)
 O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_23)
 O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_23)
 O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DB​AF1A147} http://gfx2.hotmail.com/mail/w [...] des-es.cab (Windows Live Hotmail Photo Upload Tool)
 O17 - HKLM\System\CCS\Services\Tcpip​\Parameters: DhcpNameServer = 192.168.1.1
 O17 - HKLM\System\CCS\Services\Tcpip​\Parameters\Interfaces\{B439FD​55-391A-4632-AA9E-00C4185A6225​}: DhcpNameServer = 192.168.1.1
 O17 - HKLM\System\CCS\Services\Tcpip​\Parameters\Interfaces\{C4878A​0A-205A-4A35-9711-BBAD7526DC1E​}: DhcpNameServer = 192.168.1.1
 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305​202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\​MSGRAP~1.DLL (Microsoft Corporation)
 O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305​202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\​MSGRAP~1.DLL (Microsoft Corporation)
 O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D​022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\​OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
 O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.​exe) - C:\Windows\System32\userinit.e​xe (Microsoft Corporation)
 O24 - Desktop WallPaper: C:\Users\salva\AppData\Roaming​\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
 O24 - Desktop BackupWallPaper: C:\Users\salva\AppData\Roaming​\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
 O32 - HKLM CDRom: AutoRun - 1
 O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
 O34 - HKLM BootExecute: (autocheck autochk *)
 O35 - HKLM\..comfile [open] -- "%1" %*
 O35 - HKLM\..exefile [open] -- "%1" %*
 O37 - HKLM\...com [@ = comfile] -- "%1" %*
 O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDl​lInitialization,3)
 O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDll​Initialization,2)
 
 NetSvcs: FastUserSwitchingCompatibility -  File not found
 NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
 NetSvcs: Nla -  File not found
 NetSvcs: Ntmssvc -  File not found
 NetSvcs: NWCWorkstation -  File not found
 NetSvcs: Nwsapagent -  File not found
 NetSvcs: Sharedaccess -  File not found
 NetSvcs: SRService -  File not found
 NetSvcs: WmdmPmSp -  File not found
 NetSvcs: LogonHours -  File not found
 NetSvcs: PCAudit -  File not found
 NetSvcs: helpsvc -  File not found
 NetSvcs: uploadmgr -  File not found
 
 ========== Files/Folders - Created Within 30 Days ==========
 
 [2012/06/26 10:57:19 | 000,000,000 | ---D | C] -- C:\Users\salva\Desktop\antivir​us
 [2012/06/25 22:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
 [2012/06/23 17:40:32 | 000,000,000 | ---D | C] -- C:\ZHP
 [2012/06/23 17:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windo​ws\Start Menu\Programs\ZHP
 [2012/06/23 17:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
 [2012/06/23 17:26:02 | 000,000,000 | ---D | C] -- C:\Windows\pss
 [2012/06/23 16:35:25 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
 [2012/06/23 01:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
 [2012/06/21 22:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windo​ws\Start Menu\Programs\Google Chrome
 [2012/06/21 21:59:22 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\as​wSnx.sys
 [2012/06/21 21:46:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProvi​ders
 [2012/06/18 20:49:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
 [2012/06/10 20:22:35 | 000,000,000 | ---D | C] -- C:\Users\salva\Desktop\curso honda
 [2012/06/04 22:06:26 | 000,000,000 | ---D | C] -- C:\Users\salva\AppData\Roaming​\SumatraPDF
 [2012/06/04 22:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\PDFReader
 
 ========== Files - Modified Within 30 Days ==========
 
 [2012/06/26 22:22:02 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateT​askMachineUA.job
 [2012/06/26 22:22:01 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateT​askMachineCore.job
 [2012/06/26 22:12:03 | 000,067,627 | ---- | M] () -- C:\ProgramData\nvModes.001
 [2012/06/26 22:11:47 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-3​76B-497e-B012-9C450E1B7327-2P-​1.C7483456-A289-439d-8115-6016​32D005A0
 [2012/06/26 22:11:47 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-3​76B-497e-B012-9C450E1B7327-2P-​0.C7483456-A289-439d-8115-6016​32D005A0
 [2012/06/26 22:11:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
 [2012/06/26 22:11:38 | 3220,348,928 | -HS- | M] () -- C:\hiberfil.sys
 [2012/06/26 11:14:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
 [2012/06/23 17:28:20 | 000,157,696 | ---- | M] () -- C:\Users\salva\AppData\Local\D​CBC2A71-70D8-4DAN-EHR8-E0D61DE​A3FDF.ini
 [2012/06/23 12:27:12 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.ex​e
 [2012/06/21 22:08:41 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
 [2012/06/21 21:59:21 | 000,002,628 | ---- | M] () -- C:\Windows\System32\config.nt
 [2012/06/16 19:23:19 | 000,067,627 | ---- | M] () -- C:\ProgramData\nvModes.dat
 [2012/06/04 22:49:05 | 000,274,471 | ---- | M] () -- C:\Users\salva\Desktop\honda-c​b750f_cb900f.jpg
 [2012/06/04 22:06:02 | 000,000,237 | ---- | M] () -- C:\user.js
 [2012/06/04 22:05:42 | 000,000,830 | ---- | M] () -- C:\Users\salva\Desktop\PDF Reader.lnk
 [2012/06/04 21:35:40 | 009,271,710 | ---- | M] () -- C:\Users\salva\Desktop\Honda_C​B750_F2_Seven_Fifty_RC42_92-95​_FR_By_Mosue.pdf
 [2012/06/03 17:40:48 | 000,680,434 | ---- | M] () -- C:\Windows\System32\perfh00A.d​at
 [2012/06/03 17:40:48 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.d​at
 [2012/06/03 17:40:48 | 000,134,438 | ---- | M] () -- C:\Windows\System32\perfc00A.d​at
 [2012/06/03 17:40:48 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.d​at
 [2012/06/03 17:30:14 | 000,038,999 | ---- | M] () -- C:\Users\salva\Desktop\mayo-12​.pdf
 
 ========== Files Created - No Company Name ==========
 
 [2012/06/26 07:52:21 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{f047dbdd​-b2be-cc46-5909-d77b87659e7c}\​U\00000001.@
 [2012/06/23 17:32:47 | 3220,348,928 | -HS- | C] () -- C:\hiberfil.sys
 [2012/06/21 22:08:41 | 000,001,978 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
 [2012/06/21 22:06:08 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateT​askMachineUA.job
 [2012/06/21 22:06:06 | 000,001,082 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateT​askMachineCore.job
 [2012/06/04 22:49:29 | 000,274,471 | ---- | C] () -- C:\Users\salva\Desktop\honda-c​b750f_cb900f.jpg
 [2012/06/04 22:06:02 | 000,000,237 | ---- | C] () -- C:\user.js
 [2012/06/04 22:05:42 | 000,000,830 | ---- | C] () -- C:\Users\salva\Desktop\PDF Reader.lnk
 [2012/06/04 21:35:36 | 009,271,710 | ---- | C] () -- C:\Users\salva\Desktop\Honda_C​B750_F2_Seven_Fifty_RC42_92-95​_FR_By_Mosue.pdf
 [2012/06/03 17:30:03 | 000,038,999 | ---- | C] () -- C:\Users\salva\Desktop\mayo-12​.pdf
 [2011/02/08 22:46:25 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{f047dbdd​-b2be-cc46-5909-d77b87659e7c}\​@
 [2011/02/08 22:46:25 | 000,002,048 | -HS- | C] () -- C:\Users\salva\AppData\Local\{​f047dbdd-b2be-cc46-5909-d77b87​659e7c}\@
 [2010/12/13 22:25:54 | 000,073,829 | ---- | C] () -- C:\Windows\hpqins16.dat.temp
 [2010/12/13 22:02:52 | 000,073,829 | ---- | C] () -- C:\Windows\hpqins16.dat
 [2009/12/09 14:09:55 | 000,003,304 | ---- | C] () -- C:\Users\salva\AppData\Local\d​adawtb.dat
 [2009/05/28 21:14:55 | 000,000,680 | ---- | C] () -- C:\Users\salva\AppData\Local\d​3d9caps.dat
 [2009/02/02 23:27:52 | 000,067,627 | ---- | C] () -- C:\ProgramData\nvModes.001
 [2009/02/01 23:52:58 | 000,067,627 | ---- | C] () -- C:\ProgramData\nvModes.dat
 [2009/01/17 17:13:02 | 000,157,696 | ---- | C] () -- C:\Users\salva\AppData\Local\D​CBC2A71-70D8-4DAN-EHR8-E0D61DE​A3FDF.ini
 
 ========== Custom Scans ==========
 
 < %SYSTEMDRIVE%\*.exe  >
 
 < %systemroot%\*. /mp /s  >
 
 < %systemroot%\system32\*.dll /lockedfiles  >
 
 < %systemroot%\Tasks\*.job /lockedfiles  >
 
 <  >
 
 <  >

 < End of report >

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 posts) Confirmed helper
Posted on 27/06/2012 at 22:32:10
 
:hello: shoute, I'll analyze it tomorrow, it's too late tonight ;)


---------------
the urgent is done, the impossible is in progress
for miracles, allow extra time
Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 posts) Confirmed helper
Posted on 28/06/2012 at 09:31:01
 
:hello: shoute2002

 Close all active windows on your PC.

 Run OTL again > right-click on it > "Exécuter en tant qu'Administrateur" (Run as administrator).

 Check that the "Rapport minimal" (minimal report) box is ticked.

 Copy and paste the contents of this quote (in blue) into the "Personnalisation" (customization) window:
 
 :files
 C:\Windows\Installer\{f047dbdd-b2be-cc46-5909-d77b87659e7c}\U\00000001.@
 C:\Users\salva\AppData\Local\{f047dbdd-b2be-cc46-5909-d77b87659e7c}\@
 C:\Windows\System32\acovcnt.exe

 :otl

 IE - HKLM\..\URLSearchHook: {f04fed2f-9027-4181-8a04-9fe3c26f2865} - C:\Program Files\Media_Mule\tbMed2.dll (Conduit Ltd.)    => Toolbar.Conduit
 FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0    => Toolbar.Agent
 IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}    => Infection PUP (Adware.Bandoo)
 FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01    => Infection PUP (Adware.Bandoo)

 IE - HKLM\..\URLSearchHook: {0558df35-d276-4dfb-88d9-c6398aeedf91} - C:\Program Files\Softonic_Espana_FF\tbSoft.dll (Conduit Ltd.)
 IE - HKCU\..\SearchScopes,DefaultScope = {4ADE84E1-7BA2-48CB-A20B-989F09D62AAC}
 IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 IE - HKCU\..\SearchScopes\{4ADE84E1-7BA2-48CB-A20B-989F09D62AAC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ASUS_esES310
 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:5.9
 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:5.9
 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
 O2 - BHO: (Softonic Espana FF Toolbar) - {0558df35-d276-4dfb-88d9-c6398aeedf91} - C:\Program Files\Softonic_Espana_FF\tbSoft.dll (Conduit Ltd.)
 O3 - HKLM\..\Toolbar: (Softonic Espana FF Toolbar) - {0558df35-d276-4dfb-88d9-c6398aeedf91} - C:\Program Files\Softonic_Espana_FF\tbSoft.dll (Conduit Ltd.)
 O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Espana FF Toolbar) - {0558DF35-D276-4DFB-88D9-C6398AEEDF91} - C:\Program Files\Softonic_Espana_FF\tbSoft.dll (Conduit Ltd.)
 O3 - HKCU\..\Toolbar\WebBrowser: (Media Plus Toolbar) - {F04FED2F-9027-4181-8A04-9FE3C26F2865} - C:\Program Files\Media_Mule\tbMed2.dll (Conduit Ltd.)
 :Commands
 [clearallrestorepoints]
 [emptytemp]
 [resethosts]
 [reboot]
 


 Clique sur le bouton "Correction".

 Ne touche plus au PC avant son redémarrage en mode normal.
 
 A l'ouverture du PC un rapport va s'ouvrir --> 04212011_xxxxxx.log ... Si ce n'est le cas tu le retrouveras sous le même nom sur le Bureau ou alors dans son dossier --> C:\_OTL
 Copie et colle ici en réponse le contenu de ce rapport ;)
 

 




shoute2002
Occasionally present (50 to 99 posts)
  1. Posted on 28/06/2012 at 21:40:05  
 
Good evening,
 I can't carry out this procedure: the program starts and after 10 seconds it stops and displays "not responding" at the top, next to the program name.
 All the windows are closed, but I assume I shouldn't stop the avast program as well?

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 posts) Confirmed helper
  1. Posted on 28/06/2012 at 22:36:21  
 
hi again, disable avast
 firewall for the duration of the procedure

 turn it back on afterwards of course  :D  ;)


shoute2002
Occasionally present (50 to 99 posts)
  1. Posted on 29/06/2012 at 14:50:29  
 
Still impossible to do: in less than 5 seconds the program goes into "not responding" mode

tydouric
  1. Posted on 30/06/2012 at 08:05:45  
 
Hello, you just need to schedule an avast scan at computer start-up and that will solve your problem  :)

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 posts) Confirmed helper
  1. Posted on 30/06/2012 at 12:10:57  
 
:hello: tydouric

  have you ever seen avast remove a rootkit? I haven't  :pt1cable:

 shoote2002

 relaunch OTL with these boxed lines

 :files
 C:\Windows\Installer\{f047dbdd-b2be-cc46-5909-d77b87659e7c}\U\00000001.@
 C:\Users\salva\AppData\Local\{f047dbdd-b2be-cc46-5909-d77b87659e7c}\@
 C:\Windows\System32\acovcnt.exe
 C:\Program Files\Softonic_Espana_FF\tbSoft.dll
 C:\Program Files\Media_Mule\tbMed2.dll

 :otl

 IE - HKLM\..\URLSearchHook: {f04fed2f-9027-4181-8a04-9fe3c26f2865} - C:\Program Files\Media_Mule\tbMed2.dll (Conduit Ltd.)

 FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
 IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

 FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01

 IE - HKLM\..\URLSearchHook: {0558df35-d276-4dfb-88d9-c6398aeedf91} - C:\Program Files\Softonic_Espana_FF\tbSoft.dll (Conduit Ltd.)
 IE - HKCU\..\SearchScopes,DefaultScope = {4ADE84E1-7BA2-48CB-A20B-989F09D62AAC}
 IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 IE - HKCU\..\SearchScopes\{4ADE84E1-7BA2-48CB-A20B-989F09D62AAC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ASUS_esES310
 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:5.9
 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:5.9
 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0

 :Commands
 [clearallrestorepoints]
 [emptytemp]
 [resethosts]
 [reboot]

 Click the "Correction" (fix) button.

 Do not touch the PC again until it has restarted in normal mode.

 When the PC starts up, a report will open --> 04212011_xxxxxx.log ... If it does not, you will find it under the same name on the Desktop or in its folder --> C:\_OTL
 Copy and paste the contents of that report here in your reply







shoute2002
Occasionally present (50 to 99 posts)
  1. Posted on 30/06/2012 at 18:24:21  
 
Good evening did80,
 here is the result of the OTL scan


 All processes killed
 ========== FILES ==========
 File\Folder C:\Windows\Installer\{f047dbdd-b2be-cc46-5909-d77b87659e7c}\U\00000001.@ not found.
 File\Folder C:\Users\salva\AppData\Local\{f047dbdd-b2be-cc46-5909-d77b87659e7c}\@ not found.
 File\Folder C:\Windows\System32\acovcnt.exe not found.
 File\Folder C:\Program Files\Softonic_Espana_FF\tbSoft.dll not found.
 File\Folder C:\Program Files\Media_Mule\tbMed2.dll not found.
 ========== OTL ==========
 Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{f04fed2f-9027-4181-8a04-9fe3c26f2865} not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f04fed2f-9027-4181-8a04-9fe3c26f2865}\ not found.
 File C:\Program Files\Media_Mule\tbMed2.dll not found.
 Prefs.js: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 removed from extensions.enabledItems
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
 Prefs.js: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01 removed from extensions.enabledItems
 Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0558df35-d276-4dfb-88d9-c6398aeedf91} not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0558df35-d276-4dfb-88d9-c6398aeedf91}\ not found.
 File C:\Program Files\Softonic_Espana_FF\tbSoft.dll not found.
 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
 Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchCLSID}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchCLSID}\ not found.
 Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4ADE84E1-7BA2-48CB-A20B-989F09D62AAC}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ADE84E1-7BA2-48CB-A20B-989F09D62AAC}\ not found.
 Prefs.js: pdfforge@mybrowserbar.com:5.9 removed from extensions.enabledItems
 Prefs.js: wtxpcom@mybrowserbar.com:5.9 removed from extensions.enabledItems
 Prefs.js: ffxtlbr@babylon.com:1.2.0 removed from extensions.enabledItems
 ========== COMMANDS ==========
 Restore point Set: OTL Restore Point
 
 [EMPTYTEMP]
 
 User: All Users
 
 User: Default
 ->Temp folder emptied: 0 bytes
 ->Temporary Internet Files folder emptied: 0 bytes
 
 User: Default User
 
 User: Public
 
 User: salva
 ->Temp folder emptied: 401572636 bytes
 ->Temporary Internet Files folder emptied: 545257602 bytes
 ->Java cache emptied: 1224244 bytes
 ->FireFox cache emptied: 40634510 bytes
 ->Google Chrome cache emptied: 46398621 bytes
 ->Flash cache emptied: 191232 bytes
 
 %systemdrive% .tmp files removed: 0 bytes
 %systemroot% .tmp files removed: 0 bytes
 %systemroot%\System32 .tmp files removed: 0 bytes
 %systemroot%\System32\drivers .tmp files removed: 0 bytes
 Windows Temp folder emptied: 1658336 bytes
 RecycleBin emptied: 863765 bytes
 
 Total Files Cleaned = 990,00 mb
 
 C:\Windows\System32\drivers\etc\Hosts moved successfully.
 HOSTS file reset successfully
 
 OTL by OldTimer - Version 3.2.53.0 log created on 06302012_163518

 Files\Folders moved on Reboot...

 PendingFileRenameOperations files...

 Registry entries deleted on Reboot...

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 posts) Confirmed helper
  1. Posted on 01/07/2012 at 16:33:04  
 
:hello: shoote2002

 do this

 
 Download Malwarebytes, free version
 http://www.malwarebytes.org/pr [...] bytes_free

 update it
 full scan

 if it finds infections, important:
  tick the boxes and remove the selection

 Copy and paste the report

 ;)


shoute2002
Occasionally present (50 to 99 posts)
  1. Posted on 01/07/2012 at 19:00:44  
 
The program was already installed. It found only one virus, apparently from the OTL program. Here is the result



 Malwarebytes Anti-Malware (Versión de Prueba) 1.61.0.1400
 www.malwarebytes.org

 Versión de la Base de Datos: v2012.07.01.06

 Windows Vista Service Pack 1 x86 NTFS
 Internet Explorer 7.0.6001.18000
 salva :: SALVA1 [administrador]

 Protección: Habilitado

 01/07/2012 18:17:10
 mbam-log-2012-07-01 (18-17-10).txt

 Tipos de Análisis: Análisis Completo
 Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
 Opciones de análisis desactivados: P2P
 Objetos examinados: 358975
 Tiempo transcurrido: 1 hora(s), 39 minuto(s), 27 segundo(s)

 Procesos en Memoria Detectados: 0
 (No se han detectado elementos maliciosos)

 Módulos de Memoria Detectados: 0
 (No se han detectado elementos maliciosos)

 Claves del Registro Detectados: 0
 (No se han detectado elementos maliciosos)

 Valores del Registro Detectados: 0
 (No se han detectado elementos maliciosos)

 Elementos de Datos del Registro Detectados: 0
 (No se han detectado elementos maliciosos)

 Carpetas Detectadas: 0
 (No se han detectado elementos maliciosos)

 Archivos Detectados: 1
 C:\_OTL\MovedFiles\06292012_072648\C_Windows\Installer\{f047dbdd-b2be-cc46-5909-d77b87659e7c}\U\00000001.@ (Trojan.Small) -> En cuarentena y eliminado con éxito.

 (fin)

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 posts) Confirmed helper
  1. Posted on 03/07/2012 at 20:39:05  
 
:hello: shoote2002  ok, tell me how your PC is doing :??:

 so we can decide what to do next  ;)


shoute2002
Occasionally present (50 to 99 posts)
  1. Posted on 03/07/2012 at 22:14:44  
 
:hello: did80
 I would have preferred to give good news, but no :pleure: , these are no longer the same viruses; they are new ones, apparently.
 Here are a few details: avast displays "malicious URL", C:/windows/system32/svchost.exe
 http://mvlljfck.cn/............

 There are 2 of them, as if they came from the internet, but for the moment we haven't connected to it yet. Avast is also giving us some problems: the latest version, which had been updated, uninstalled itself again as if by magic; it went back to the previous version and does not respond to updates.

 I hope you can help me find a solution, if there is one!!!
 Thanks

shoute2002
Occasionally present (50 to 99 posts)
  1. Posted on 04/07/2012 at 06:50:28  
 
We also ran a full avast scan; 2 viruses still remain, a trojan and a rootkit

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 posts) Confirmed helper
  1. Posted on 04/07/2012 at 20:02:16  
 
ok shoute2002, do this


 Carry out the following:

 read through this tutorial

 http://www.bleepingcomputer.co [...] r-combofix

 Download Combofix.exe by sUBs to your Desktop and nowhere else.

 rename it before it lands on the desktop

 http://www.donnemoilinfo.com/t [...] mboFix.php

 Important: disable your antivirus and antispyware before the Combofix scan:
 http://forum.pcastuces.com/des [...] -f31s4.htm

 Close all active windows before starting the scan.
 During the scan, do not touch your PC until it has finished.
 The PC may restart in order to finalise the deletions.

 > Double-click combofix.exe to launch it and confirm with YES
 * If you are asked to install the Console > confirm!
 * The scan will resume after it has been installed.

 > When the scan is complete, a report will appear. Copy/paste this report into your next reply.

 NOTE: the report can also be found here: C:\Combofix.txt


shoute2002
Occasionally present (50 to 99 posts)
  1. Posted on 08/07/2012 at 16:40:40  
 
Hello didi80,
 here is the combofix report. We had to restart the computer, nothing was working, and reinstall avast, which had disappeared


 ComboFix 12-07-08.01 - salva 08/07/2012  16:58:56.1.2 - x86
 Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.34.3082.18.3070.2034 [GMT 2:00]
 Running from: c:\users\salva\Desktop\ComboFixantivirus.exe
 AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
 SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
 SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 .
 .
 (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 c:\windows\Installer\{f047dbdd-b2be-cc46-5909-d77b87659e7c}\@
 c:\windows\Installer\{f047dbdd-b2be-cc46-5909-d77b87659e7c}\U\00000001.@
 c:\windows\Installer\{f047dbdd-b2be-cc46-5909-d77b87659e7c}\U\80000000.@
 c:\windows\Installer\{f047dbdd-b2be-cc46-5909-d77b87659e7c}\U\800000cb.@
 c:\windows\system32\CddbCdda.dll
 .
 c:\windows\system32\services.exe . . . is infected!!
 .
 .
 (((((((((((((((((((((((((   Files Created from 2012-06-08 to 2012-07-08  )))))))))))))))))))))))))))))))
 .
 .
 2012-07-08 15:08 . 2012-07-08 15:08 -------- d-----w- c:\users\Default\AppData\Local\temp
 2012-07-07 09:37 . 2012-07-07 09:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
 2012-06-28 19:20 . 2012-06-28 19:20 -------- d-----w- C:\_OTL
 2012-06-25 20:49 . 2012-06-25 20:49 -------- d-----w- c:\program files\Ad-Remover
 2012-06-23 15:40 . 2012-06-23 16:47 -------- d-----w- C:\ZHP
 2012-06-23 15:39 . 2012-06-23 15:39 -------- d-----w- c:\program files\ZHPDiag
 2012-06-23 14:35 . 2012-06-23 14:35 -------- d-----w- C:\TDSSKiller_Quarantine
 2012-06-22 23:53 . 2012-06-22 23:53 -------- d-----w- c:\program files\Apple Software Update
 2012-06-21 19:59 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
 2012-06-21 19:46 . 2012-06-21 19:46 -------- d-----w- c:\windows\system32\EventProviders
 .
 .
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2012-07-03 16:21 . 2009-03-28 12:03 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
 2012-07-03 16:21 . 2009-03-28 12:03 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
 2012-07-03 16:21 . 2009-03-28 12:03 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
 2012-07-03 16:21 . 2009-03-28 12:03 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
 2012-07-03 16:21 . 2009-03-28 12:02 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
 2012-07-03 16:21 . 2010-06-29 21:03 41224 ----a-w- c:\windows\avastSS.scr
 2012-07-03 16:21 . 2009-03-28 12:02 227648 ----a-w- c:\windows\system32\aswBoot.exe
 2012-05-08 16:40 . 2012-06-16 07:29 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{632B6B57-5D95-4567-ACD0-D940127EBFD6}\mpengine.dll
 2012-04-17 20:05 . 2012-04-17 20:05 1207888 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
 2010-08-28 20:01 . 2010-08-28 20:01 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
 .
 .
 (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Note* empty entries & legit default entries are not shown
 REGEDIT4
 .
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
 @="{472083B0-C522-11CF-8763-00608CC02F24}"
 [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
 2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
 .
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
 "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
 "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-04 39408]
 "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
 "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
 "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
 .
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
 "P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
 "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-28 30192]
 "HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
 "ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
 "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]
 "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-25 92704]
 "RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
 "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2008-11-04 3054136]
 "ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-11-04 47672]
 "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
 "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
 "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-01 623960]
 "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
 "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
 "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
 "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
 .
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
 .
 c:\users\salva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
 OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]
 .
 c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
 Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-11 113664]
 .
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
 "EnableUIADesktopToggle"= 0 (0x0)
 .
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
 "DisableMonitoring"=dword:00000001
 .
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
 "DisableMonitoring"=dword:00000001
 .
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
 "DisableMonitoring"=dword:00000001
 .
 --- Other Services/Drivers In Memory ---
 .
 *NewlyCreated* - WS2IFSL
 .
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
 bthsvcs REG_MULTI_SZ    BthServ
 .
 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
 2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
 .
 Contents of the 'Scheduled Tasks' folder
 .
 2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
 - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-21 20:05]
 .
 2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
 - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-21 20:05]
 .
 .
 ------- Supplementary Scan -------
 .
 uStart Page = about:blank
 uInternet Settings,ProxyOverride = *.local
 TCP: DhcpNameServer = 192.168.1.1
 DPF: {76956043-2F50-4BDC-B580-7C58FB48C51D} - hxxps://www.fomento.es/asf41/cab/WebPdfAccess.cab
 DPF: {B178DBD1-25DF-4187-9BE0-05D123B91B98} - hxxps://www.fomento.es/asf41/cab/WebSigner2.cab
 FF - ProfilePath - c:\users\salva\AppData\Roaming\Mozilla\Firefox\Profiles\ywdiqcpr.default\
 FF - prefs.js: browser.search.selectedEngine -
 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
 FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
 FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
 FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
 FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
 .
 - - - - ORPHANS REMOVED - - - -
 .
 BHO-{0558df35-d276-4dfb-88d9-c6398aeedf91} - (no file)
 BHO-{f04fed2f-9027-4181-8a04-9fe3c26f2865} - (no file)
 Toolbar-{f04fed2f-9027-4181-8a04-9fe3c26f2865} - (no file)
 Toolbar-{0558df35-d276-4dfb-88d9-c6398aeedf91} - (no file)
 Toolbar-10 - (no file)
 WebBrowser-{F04FED2F-9027-4181-8A04-9FE3C26F2865} - (no file)
 WebBrowser-{0558DF35-D276-4DFB-88D9-C6398AEEDF91} - (no file)
 HKLM-Run-RDesc - (no file)
 SafeBoot-10266097.sys
 AddRemove-iLivid - c:\program files\iLivid\uninstall.exe
 AddRemove-{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406} - c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe
 .
 .
 .
 **************************************************************************
 .
 catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2012-07-08 17:11
 Windows 6.0.6001 Service Pack 1 NTFS
 .
 scanning hidden processes ...  
 .
 scanning hidden autostart entries ...
 .
 scanning hidden files ...  
 .
 scan completed successfully
 hidden files: 0
 .
 **************************************************************************
 .
 --------------------- LOCKED REGISTRY KEYS ---------------------
 .
 [HKEY_USERS\S-1-5-21-1181917803-1492491666-595143016-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ò*y*„%\OpenWithList]
 @Class="Shell"
 .
 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
 @Denied: (A) (Users)
 @Denied: (A) (Everyone)
 @Allowed: (B 1 2 3 4 5) (S-1-5-20)
 "BlindDial"=dword:00000000
 .
 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
 @Denied: (A) (Users)
 @Denied: (A) (Everyone)
 @Allowed: (B 1 2 3 4 5) (S-1-5-20)
 "BlindDial"=dword:00000000
 .
 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
 @Denied: (A) (Users)
 @Denied: (A) (Everyone)
 @Allowed: (B 1 2 3 4 5) (S-1-5-20)
 "BlindDial"=dword:00000000
 .
 --------------------- DLLs Loaded Under Running Processes ---------------------
 .
 - - - - - - - > 'Explorer.exe'(4064)
 c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
 c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
 c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_spa.nlr
 c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
 .
 ------------------------ Other Running Processes ------------------------
 .
 c:\windows\system32\nvvsvc.exe
 c:\program files\Alwil Software\Avast5\AvastSvc.exe
 c:\windows\system32\WLANExt.exe
 c:\windows\system32\rundll32.exe
 c:\program files\ASUS\SmartLogon\smartlogon.exe
 c:\windows\System32\lpksetup.exe
 c:\windows\system32\agrsmsvc.exe
 c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
 c:\program files\Bonjour\mDNSResponder.exe
 c:\program files\ASUS\SmartLogon\sensorsrv.exe
 c:\program files\ASUS\NB Probe\SPM\spmgr.exe
 c:\program files\TomTom HOME 2\TomTomHOMEService.exe
 c:\windows\servicing\TrustedInstaller.exe
 c:\windows\system32\conime.exe
 c:\windows\System32\rundll32.exe
 c:\windows\RtHDVCpl.exe
 c:\windows\ehome\ehmsas.exe
 c:\program files\OpenOffice.org 2.2\program\soffice.exe
 c:\program files\OpenOffice.org 2.2\program\soffice.BIN
 c:\program files\iPod\bin\iPodService.exe
 c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
 .
 **************************************************************************
 .
 Completion time: 2012-07-08  17:17:39 - machine was rebooted
 ComboFix-quarantined-files.txt  2012-07-08 15:17
 .
 Pre-Run: 7.991.447.552 bytes libres
 Post-Run: 7.928.172.544 bytes libres
 .
 - - End Of File - - DB39D2335D85C142DAE505CFEA5E03DF
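
The reports posted in this thread keep naming the same path shape: a brace-wrapped GUID directory under Windows\Installer or AppData\Local that holds a file called @ or U\<hex>.@. The following is an added example, not code from the thread or from any of the tools used in it: it scans pasted report text for that shape and for ComboFix's "is infected!!" lines, and lists paths that one report found absent and a later report found present again. The sample lines are excerpts from the reports above; the function names and report labels are assumptions made for the example.

```python
import re

GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"

# Path shape named in the thread's reports: a GUID directory under
# ...\Installer or ...\AppData\Local holding "@" or "U\<8 hex digits>.@".
ARTIFACT = re.compile(
    r"(?P<path>\S*\\(?:installer|appdata\\local)\\(?P<guid>" + GUID + r")"
    r"\\(?:u\\[0-9a-f]{8}\.)?@)(?=\s|$)",
    re.IGNORECASE,
)

# ComboFix marks a patched system file like this:
#   c:\windows\system32\services.exe . . . is infected!!
INFECTED = re.compile(
    r"^\s*(?P<path>[a-z]:\\\S.*?)\s+\. \. \. is infected!!", re.IGNORECASE
)


def status_of(line):
    """Classify what a report line says about the path it names."""
    low = line.lower()
    if "\\movedfiles\\" in low:              # copy kept in OTL's own quarantine
        return "quarantine-copy"
    if low.rstrip().endswith("not found."):  # OTL fix log wording
        return "absent"
    return "present"


def triage(reports):
    """reports: list of (label, text) in chronological order.

    Returns (sightings, infected) where sightings is a list of
    (label, lowercased path, lowercased guid, status) and infected is a
    list of (label, lowercased path) for files flagged as infected.
    """
    sightings, infected = [], []
    for label, text in reports:
        for line in text.splitlines():
            # Forum software inserts zero-width spaces into long tokens.
            line = line.replace("\u200b", "")
            hit = INFECTED.match(line)
            if hit:
                infected.append((label, hit.group("path").lower()))
            for art in ARTIFACT.finditer(line):
                sightings.append((label, art.group("path").lower(),
                                  art.group("guid").lower(), status_of(line)))
    return sightings, infected


def reappeared(sightings):
    """Paths one report found absent and a later report found present."""
    last_absent, out = {}, []
    for label, path, _guid, status in sightings:
        if status == "absent":
            last_absent[path] = label
        elif status == "present" and path in last_absent:
            out.append((path, last_absent.pop(path), label))
    return out


# Excerpts from the reports posted in this thread (zero-width spaces removed).
OTL_FIX = r"""
File\Folder C:\Windows\Installer\{f047dbdd-b2be-cc46-5909-d77b87659e7c}\U\00000001.@ not found.
File\Folder C:\Users\salva\AppData\Local\{f047dbdd-b2be-cc46-5909-d77b87659e7c}\@ not found.
File\Folder C:\Windows\System32\acovcnt.exe not found.
"""
MBAM = r"""
C:\_OTL\MovedFiles\06292012_072648\C_Windows\Installer\{f047dbdd-b2be-cc46-5909-d77b87659e7c}\U\00000001.@ (Trojan.Small) -> En cuarentena y eliminado con éxito.
"""
COMBOFIX = r"""
c:\windows\Installer\{f047dbdd-b2be-cc46-5909-d77b87659e7c}\@
c:\windows\Installer\{f047dbdd-b2be-cc46-5909-d77b87659e7c}\U\00000001.@
c:\windows\Installer\{f047dbdd-b2be-cc46-5909-d77b87659e7c}\U\80000000.@
c:\windows\Installer\{f047dbdd-b2be-cc46-5909-d77b87659e7c}\U\800000cb.@
c:\windows\system32\services.exe . . . is infected!!
"""
REPORTS = [
    ("OTL fix log 2012-06-30", OTL_FIX),
    ("Malwarebytes 2012-07-01", MBAM),
    ("ComboFix 2012-07-08", COMBOFIX),
]

if __name__ == "__main__":
    seen, bad = triage(REPORTS)
    for path, gone_in, back_in in reappeared(seen):
        print(f"{path}\n  absent in:  {gone_in}\n  present in: {back_in}")
    for label, path in bad:
        print(f"{label}: infected system file {path}")
```
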

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 posts) Confirmed helper
  1. Posted on 08/07/2012 at 20:02:42  
 
:hello: shoote2002

 we're making progress, I know it's not easy

 we'll get it out

 please post me another OTL report so we can see exactly where we stand


 Download

  OTL

 Double-click the OTL icon to launch it
 /!\ on Vista/Seven, right-click the OTL icon and choose "Exécuter en tant qu'administrateur" (Run as administrator)

 * Make sure you have closed all running applications.

 * When the OTL window appears, make sure that in the "Rapport" (report) section (top right) the "Rapport minimal" (minimal report) box is ticked.

 * Copy and paste the contents of this quote into the lower part of OTL, "Personnalisation" (customisation)
 



 
 netsvcs
 %SYSTEMDRIVE%\*.exe
 /md5start
 eventlog.dll
 scecli.dll
 netlogon.dll
 cngaudit.dll
 sceclt.dll
 ntelogon.dll
 logevent.dll
 iaStor.sys
 nvstor.sys
 atapi.sys
 IdeChnDr.sys
 viasraid.sys
 AGP440.sys
 vaxscsi.sys
 nvatabus.sys
 viamraid.sys
 nvata.sys
 nvgts.sys
 iastorv.sys
 ViPrt.sys
 eNetHook.dll
 ahcix86.sys
 KR10N.sys
 vstor32.sys
 ahcix86s.sys
 nvrd32.sys
 /md5stop
 %systemroot%\*. /mp /s
 %systemroot%\system32\*.dll /lockedfiles
 %systemroot%\Tasks\*.job /lockedfiles
 




 * Click the "Analyse" (scan) icon (top left).
 * Let the scan run to completion without using the PC
 * At the end of the scan one or two reports will open: "OTL.Txt" and (or) "Extras.Txt" (in some cases).
 * Copy and paste the report(s) into your reply please...
 * Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case
 Put the report here because it takes up a lot of space.
 www.cjoint.com
 ;)


shoute2002
Occasionally present (50 to 99 posts)
  1. Posted on 09/07/2012 at 06:43:48  
 
Hello did80,
 the OTL program can't finish the scan; it shows an error message and freezes. At the bottom of the window it says "System Event Log record56319"
