Virus Ukash résolu - FORUMS 01net.

Bonsoir a tous

J'ai également herité du virus ukash. Grâce au forum j'ai téléchargé Roguekiller et procedé au scan.
Voilà le rapport obtenu :

RogueKiller V8.3.1 [Nov 20 2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Website: http://www.sur-la-toile.com/RogueKiller/
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : Emac [Droits d'admin]
Mode : Recherche -- Date : 21/11/2012 17:37:02

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 17 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Facebook Update ("C:\Users\Emac\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver) -> TROUVÉ
[RUN][SUSP PATH] HKCU\[...]\Run : WinSATAPI (C:\Users\Emac\AppData\Local\Microsoft\Windows\2926\WinSATAPI.exe) -> TROUVÉ
[RUN][NOTFOUND] HKLM\[...]\Run : NvMediaCenter (RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit) -> TROUVÉ
[RUN][NOTFOUND] HKLM\[...]\Run : NvCplDaemon (RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup) -> TROUVÉ
[RUN][NOTFOUND] HKUS\S-1-5-19[...]\Run : WindowsWelcomeCenter (rundll32.exe oobefldr.dll,ShowWelcomeCenter) -> TROUVÉ
[RUN][NOTFOUND] HKUS\S-1-5-20[...]\Run : WindowsWelcomeCenter (rundll32.exe oobefldr.dll,ShowWelcomeCenter) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-3609274975-1326489897-4038433766-1000[...]\Run : Facebook Update ("C:\Users\Emac\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-3609274975-1326489897-4038433766-1000[...]\Run : WinSATAPI (C:\Users\Emac\AppData\Local\Microsoft\Windows\2926\WinSATAPI.exe) -> TROUVÉ
[TASK][SUSP PATH] FacebookUpdateTaskUserS-1-5-21-3609274975-1326489897-4038433766-1000UA.job : C:\Users\Emac\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler -> TROUVÉ
[TASK][SUSP PATH] FacebookUpdateTaskUserS-1-5-21-3609274975-1326489897-4038433766-1000Core.job : C:\Users\Emac\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver -> TROUVÉ
[TASK][SUSP PATH] FacebookUpdateTaskUserS-1-5-21-3609274975-1326489897-4038433766-1000Core : C:\Users\Emac\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver -> TROUVÉ
[TASK][SUSP PATH] FacebookUpdateTaskUserS-1-5-21-3609274975-1326489897-4038433766-1000UA : C:\Users\Emac\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler -> TROUVÉ
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (socks=127.0.0.1:25106) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$52d828fc5e89bc340fe4178e3e58131f\n.) -> TROUVÉ
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$52d828fc5e89bc340fe4178e3e58131f\n.) -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$52d828fc5e89bc340fe4178e3e58131f\U --> TROUVÉ
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3609274975-1326489897-4038433766-1000\$52d828fc5e89bc340fe4178e3e58131f\U --> TROUVÉ
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$52d828fc5e89bc340fe4178e3e58131f\L --> TROUVÉ
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3609274975-1326489897-4038433766-1000\$52d828fc5e89bc340fe4178e3e58131f\L --> TROUVÉ

¤¤¤ Driver : [CHARGE] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x82AA565D -> HOOKED (Unknown @ 0x87C7D858)
SSDT[14] : NtAlertThread @ 0x82A1E295 -> HOOKED (Unknown @ 0x87C7D938)
SSDT[18] : NtAllocateVirtualMemory @ 0x82A5A54B -> HOOKED (Unknown @ 0x87C71CA8)
SSDT[21] : NtAlpcConnectPort @ 0x829FC88B -> HOOKED (Unknown @ 0x87C168B8)
SSDT[67] : NtCreateMutant @ 0x82A32862 -> HOOKED (Unknown @ 0x87C72E20)
SSDT[78] : NtCreateThread @ 0x82AA3C74 -> HOOKED (Unknown @ 0x87C063D0)
SSDT[116] : NtDebugActiveProcess @ 0x82A76D78 -> HOOKED (Unknown @ 0x87C72B80)
SSDT[147] : NtFreeVirtualMemory @ 0x82896F1D -> HOOKED (Unknown @ 0x87C71B08)
SSDT[156] : NtImpersonateAnonymousToken @ 0x829CCF16 -> HOOKED (Unknown @ 0x87C72F10)
SSDT[158] : NtImpersonateThread @ 0x829E2553 -> HOOKED (Unknown @ 0x87C72FD0)
SSDT[177] : NtMapViewOfSection @ 0x82A228DA -> HOOKED (Unknown @ 0x87C71A08)
SSDT[184] : NtOpenEvent @ 0x82A0BDFF -> HOOKED (Unknown @ 0x87C72D40)
SSDT[195] : NtOpenProcessToken @ 0x82A13A60 -> HOOKED (Unknown @ 0x87C062F0)
SSDT[202] : NtOpenThreadToken @ 0x82A2E2FD -> HOOKED (Unknown @ 0x87C7DE10)
SSDT[282] : NtResumeThread @ 0x82A2DB9A -> HOOKED (Unknown @ 0x87C76908)
SSDT[289] : NtSetContextThread @ 0x82AA510B -> HOOKED (Unknown @ 0x87C7DD30)
SSDT[305] : NtSetInformationProcess @ 0x82A26908 -> HOOKED (Unknown @ 0x87C7DF00)
SSDT[306] : NtSetInformationThread @ 0x82A0B2DD -> HOOKED (Unknown @ 0x87C7DC40)
SSDT[330] : NtSuspendProcess @ 0x82AA5597 -> HOOKED (Unknown @ 0x87C72C60)
SSDT[331] : NtSuspendThread @ 0x829AC92D -> HOOKED (Unknown @ 0x87C7DA80)
SSDT[334] : NtTerminateProcess @ 0x82A03173 -> HOOKED (Unknown @ 0x87C405F8)
SSDT[335] : NtTerminateThread @ 0x82A2E584 -> HOOKED (Unknown @ 0x87C7DB60)
SSDT[348] : NtUnmapViewOfSection @ 0x82A22B9D -> HOOKED (Unknown @ 0x87C7DFD0)
SSDT[358] : NtWriteVirtualMemory @ 0x82A1F96D -> HOOKED (Unknown @ 0x87C71BD8)

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00BEVT-00A0R SCSI Disk Device +++++
--- User ---
[MBR] f586aedfee2b17586b494463a0bad281
[BSP] 453b7ebeeadb0433343edf5f01817e49 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[1]_S_21112012_173702.txt >>
RKreport[1]_S_21112012_173702.txt

Que dois je faire pour la suite ?

Merci

est2207

il n' ya pas que çà rootkit

relance roguekiller scan cliques suppression

puis

Télécharges Malwarebytes version free
http://www.malwarebytes.org/products/malwarebytes_free

tu le mets a jour
scan complet

s’il trouve des infections important
coches les cases et supprimes la sélection

Copies colles le rapport

tu copies les rapports dans ton bloc notes

tu les mets ici ensuite

Merci de ta réponse. J'ai relancé Roguekiller et voila le nouveau rapport :

RogueKiller V8.3.1 [Nov 20 2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Website: http://www.sur-la-toile.com/RogueKiller/
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : Emac [Droits d'admin]
Mode : Suppression -- Date : 21/11/2012 20:58:10

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (socks=127.0.0.1:25106) -> NON SUPPRIMÉ, UTILISER PROXY RAZ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x82AA565D -> HOOKED (Unknown @ 0x87C7D858)
SSDT[14] : NtAlertThread @ 0x82A1E295 -> HOOKED (Unknown @ 0x87C7D938)
SSDT[18] : NtAllocateVirtualMemory @ 0x82A5A54B -> HOOKED (Unknown @ 0x87C71CA8)
SSDT[21] : NtAlpcConnectPort @ 0x829FC88B -> HOOKED (Unknown @ 0x87C168B8)
SSDT[67] : NtCreateMutant @ 0x82A32862 -> HOOKED (Unknown @ 0x87C72E20)
SSDT[78] : NtCreateThread @ 0x82AA3C74 -> HOOKED (Unknown @ 0x87C063D0)
SSDT[116] : NtDebugActiveProcess @ 0x82A76D78 -> HOOKED (Unknown @ 0x87C72B80)
SSDT[147] : NtFreeVirtualMemory @ 0x82896F1D -> HOOKED (Unknown @ 0x87C71B08)
SSDT[156] : NtImpersonateAnonymousToken @ 0x829CCF16 -> HOOKED (Unknown @ 0x87C72F10)
SSDT[158] : NtImpersonateThread @ 0x829E2553 -> HOOKED (Unknown @ 0x87C72FD0)
SSDT[177] : NtMapViewOfSection @ 0x82A228DA -> HOOKED (Unknown @ 0x87C71A08)
SSDT[184] : NtOpenEvent @ 0x82A0BDFF -> HOOKED (Unknown @ 0x87C72D40)
SSDT[195] : NtOpenProcessToken @ 0x82A13A60 -> HOOKED (Unknown @ 0x87C062F0)
SSDT[202] : NtOpenThreadToken @ 0x82A2E2FD -> HOOKED (Unknown @ 0x87C7DE10)
SSDT[282] : NtResumeThread @ 0x82A2DB9A -> HOOKED (Unknown @ 0x87C76908)
SSDT[289] : NtSetContextThread @ 0x82AA510B -> HOOKED (Unknown @ 0x87C7DD30)
SSDT[305] : NtSetInformationProcess @ 0x82A26908 -> HOOKED (Unknown @ 0x87C7DF00)
SSDT[306] : NtSetInformationThread @ 0x82A0B2DD -> HOOKED (Unknown @ 0x87C7DC40)
SSDT[330] : NtSuspendProcess @ 0x82AA5597 -> HOOKED (Unknown @ 0x87C72C60)
SSDT[331] : NtSuspendThread @ 0x829AC92D -> HOOKED (Unknown @ 0x87C7DA80)
SSDT[334] : NtTerminateProcess @ 0x82A03173 -> HOOKED (Unknown @ 0x87C405F8)
SSDT[335] : NtTerminateThread @ 0x82A2E584 -> HOOKED (Unknown @ 0x87C7DB60)
SSDT[348] : NtUnmapViewOfSection @ 0x82A22B9D -> HOOKED (Unknown @ 0x87C7DFD0)
SSDT[358] : NtWriteVirtualMemory @ 0x82A1F96D -> HOOKED (Unknown @ 0x87C71BD8)

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00BEVT-00A0R SCSI Disk Device +++++
--- User ---
[MBR] f586aedfee2b17586b494463a0bad281
[BSP] 453b7ebeeadb0433343edf5f01817e49 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[4]_D_21112012_205810.txt >>
RKreport[1]_S_21112012_173702.txt ; RKreport[1]_S_21112012_173702a.txt ; RKreport[2]_D_21112012_204519.txt ; RKreport[3]_S_21112012_205708.txt ; RKreport[4]_D_21112012_205810.txt

J'ai telechargé Malwarebytes et j'ai procedé au scan complet. Voilà le rapport qu'il m'a donné :


Malwarebytes Anti-Malware (Essai) 1.65.1.1000
www.malwarebytes.org

Version de la base de données: v2012.11.21.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Emac :: ESTELLE [administrateur]

Protection: Activé

21/11/2012 20:59:53
mbam-log-2012-11-21 (20-59-53).txt

Type d'examen: Examen complet (C:\|Q:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 378081
Temps écoulé: 3 heure(s), 36 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 35
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\Interface\{3718D0AF-A3B8-4F5E-86F3-FAD8D02043BE} (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D} (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64} (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\f (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649} (Adware.Zwangi) -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab 3GP Converter (Adware.InstallCore) -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab MP3 Converter (Adware.InstallCore) -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Boxore (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\BrightBreeze (Adware.HotBar.BB) -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Données: Funmoods Toolbar -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Données: -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Mauvais: (http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=) Bon: (http://www.google.com) -> Mis en quarantaine et réparé avec succès
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Mauvais: (http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=) Bon: (http://www.google.com) -> Mis en quarantaine et réparé avec succès
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Mauvais: (http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=) Bon: (http://www.google.com) -> Mis en quarantaine et réparé avec succès
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Mauvais: (http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=) Bon: (http://www.google.com/) -> Mis en quarantaine et réparé avec succès
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Mauvais: (http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=) Bon: (http://www.google.com) -> Mis en quarantaine et réparé avec succès
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Mauvais: (http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=) Bon: (http://www.google.com) -> Mis en quarantaine et réparé avec succès
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Mauvais: (http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=) Bon: (http://www.google.com) -> Mis en quarantaine et réparé avec succès
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Mauvais: (http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=) Bon: (http://www.google.com/) -> Mis en quarantaine et réparé avec succès

Dossier(s) détecté(s): 11
C:\Users\Emac\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\BrightBreeze\bin (Adware.HotBar.BB) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\BrightBreeze\bin\2.0.12.0 (Adware.HotBar.BB) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\BrightBreezeSA (Adware.HotBar.BB) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C} (Adware.Zwangi) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome (Adware.Zwangi) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults (Adware.Zwangi) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences (Adware.Zwangi) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Emac\AppData\LocalLow\Funmoods (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Emac\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.

Fichier(s) détecté(s): 18
C:\Program Files\FoxTab3GPConverter\Uninstall\Uninstall.exe (Adware.InstallCore) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\FoxTabMP3Converter\Uninstall\Uninstall.exe (Adware.InstallCore) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\OptimizerPro1\OptimizerPro1.exe (Trojan.Dropper) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\WxDFast\WxDFast.exe (Trojan.Dropper) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Emac\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Emac\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Emac\AppData\Local\funmoods.crx (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Emac\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Emac\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Emac\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\BrightBreeze\bin\2.0.12.0\copyright.txt (Adware.HotBar.BB) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\BrightBreezeSA\BrightBreezeSA.dat (Adware.HotBar.BB) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\BrightBreezeSA\BrightBreezeSAau.dat (Adware.HotBar.BB) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\BrightBreezeSA\BrightBreezeSA_kyf.dat (Adware.HotBar.BB) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome.manifest (Adware.Zwangi) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\install.rdf (Adware.Zwangi) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome\basicscan.jar (Adware.Zwangi) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences\prefs.js (Adware.Zwangi) -> Mis en quarantaine et supprimé avec succès.

(fin)

Dois-je encore faire d'autres manipulations ?
Merci encore de votre réponse...

est2207 y'avait du monde

relance roguekiller scan cliques proxyraz

copies le rapport

Salut Did80

Merci de ta réponse. En effet y avait bcp de monde vula longueur du rapport !
J'ai relancé rogukiller et cliqué sur Proxy raz
Voilà le rapport :

RogueKiller V8.3.1 [Nov 22 2012] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : Emac [Droits d'admin]
Mode : Proxy RAZ -- Date : 22/11/2012 21:53:30

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (socks=127.0.0.1:25106) -> SUPPRIMÉ

¤¤¤ Driver : [CHARGE] ¤¤¤

Termine : << RKreport[6]_PR_22112012_215330.txt >>
RKreport[1]_S_21112012_173702.txt ; RKreport[1]_S_21112012_173702a.txt ; RKreport[2]_D_21112012_204519.txt ; RKreport[3]_S_21112012_205708.txt ; RKreport[4]_D_21112012_205810.txt ;
RKreport[4]_D_21112012_205810b.txt ; RKreport[5]_S_22112012_214033.txt ; RKreport[6]_PR_22112012_215330.txt

:hello:est2207

on va vérifier l'état de ton pc

Scan du PC et recherche des infections.

* Télécharge OTL sur ton Bureau.

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

* Fait un double-clic sur l'icône d'OTL pour le lancer.
(Vista/Seven faire un clic-droit sur l'icône d'OTL et choisir "Exécuter en tant qu'administrateur")

* Quand l'interface d'OTL apparaîtra, assure toi que dans la section "Rapport" (en haut à droite) que la case "Rapport minimal" soit cochée.

* Copies et colles le contenu de la citation ci-dessous dans le cadre se nommant "Personnalisation" :

* Cliques sur le bouton "Analyse" (en haut à gauche).

* Laisse le scan aller jusqu'à son terme sans te servir du PC.

* A la fin du scan un ou deux rapports vont s'ouvrir : "OTL.Txt" et "Extras.Txt"(dans certains cas).

Nota : Les rapports sont également présents sur le Bureau et sauvegardés dans le dossier 'C:\_OTL'.

Hébergement des rapports.

1 - Connecte toi ici --> Cjoint.com

2 - Clique sur le bouton Parcourir... et recherche dans l'arborescence ton premier rapport 'OTL.txt' sur le Bureau et sélectionne le.

3 - Clique ensuite sur le bouton Créer le lien Cjoint et patiente quelques secondes afin d'obtenir le lien de partage que tu devras

me transmettre après avoir effectué un clic droit dessus > Copier le raccourci. Celui-ci ressemblera à ceci : http://cjoint.com/?BHpjGhPqPRB

* Effectue les même étapes pour le rapport 'Extras.txt'.

Hello did80.

Voilà les rapports obtenus après l'analyse :

Rapport Extras :
http://cjoint.com/?3Kxwo6nawCH

Rapport OTL :
http://cjoint.com/?3KxwqO6SecM

Merci encore de ton aide !

:hello:est2207 fais ceci

Ferme toutes les fenêtres actives sur ton PC

Relance OTL > Clic droit dessus > "Exécuter en tant qu'Administrateur".

vérifie que la case "Rapport minimal" soit bien cochée.

Copie et colle le contenu de cette citation (en bleu ) dans la fenêtre "Personnalisation:

:otl
IE - HKLM\..\URLSearchHook: {8e5025c2-8ea3-430d-80b8-a14151068a6d} - C:\Program Files\01NET.com\prxtb01NE.dll (Conduit Ltd.) => Toolbar.Conduit
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms} => Toolbar.Conduit
IE - HKCU\..\URLSearchHook: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - No CLSID value found => Toolbar.Conduit
IE - HKCU\..\URLSearchHook: {8e5025c2-8ea3-430d-80b8-a14151068a6d} - C:\Program Files\01NET.com\prxtb01NE.dll (Conduit Ltd.) => Toolbar.Conduit
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={searchTerms}&affID=116218&tt=4212_5&babsrc=SP_ss&mntrId=4aca39f200000000000000242ba0c3d6 => Toolbar.Babylon
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=F-ET&o=&src=crm&am(...){searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=3858A4AB-87BE-428A-8DC8-04CA9526F248&apn_sauid=3F179932-4160-472F => Toolbar.Agent
FF - prefs.js..extensions.enabledAddons: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}:3.9.0.3 => Toolbar.Conduit
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=3&q={searchTerms}"
[2012/01/25 20:35:03 | 000,000,000 | ---D | M] (uTorrentBar_FR Community Toolbar) -- C:\Users\Emac\AppData\Roaming\mozilla\Firefox\Profiles\7c6ywkfo.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} => Toolbar.Conduit
[2012/11/21 13:58:15 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\Emac\AppData\Roaming\mozilla\firefox\profiles\7c6ywkfo.default\extensions\staged\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi => Toolbar.SweetIM
[2010/09/28 21:39:14 | 000,002,333 | ---- | M] () -- C:\Users\Emac\AppData\Roaming\mozilla\firefox\profiles\7c6ywkfo.default\searchplugins\askcom.xml => Plugin Mozilla Firefox Ask.com
[2011/12/13 15:38:54 | 000,000,931 | ---- | M] () -- C:\Users\Emac\AppData\Roaming\mozilla\firefox\profiles\7c6ywkfo.default\searchplugins\conduit.xml => Toolbar.Conduit
[2011/08/18 22:49:59 | 000,002,503 | ---- | M] () -- C:\Users\Emac\AppData\Roaming\mozilla\firefox\profiles\7c6ywkfo.default\searchplugins\SearchResults.xml => Toolbar.Agent
[2012/11/21 13:58:53 | 000,004,008 | ---- | M] () -- C:\Users\Emac\AppData\Roaming\mozilla\firefox\profiles\7c6ywkfo.default\searchplugins\sweetim.xml => Toolbar.SweetIM
[2011/08/18 22:49:59 | 000,002,503 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml => Toolbar.Agent
O2 - BHO: (01NET.com Toolbar) - {8e5025c2-8ea3-430d-80b8-a14151068a6d} - C:\Program Files\01NET.com\prxtb01NE.dll (Conduit Ltd.) => Toolbar.Conduit
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) => Toolbar.SweetIM
O3 - HKLM\..\Toolbar: (01NET.com Toolbar) - {8e5025c2-8ea3-430d-80b8-a14151068a6d} - C:\Program Files\01NET.com\prxtb01NE.dll (Conduit Ltd.) => Toolbar.Conduit
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) => Toolbar.SweetIM
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - No CLSID value found. => Toolbar.Agent
O3 - HKCU\..\Toolbar\WebBrowser: (01NET.com Toolbar) - {8E5025C2-8EA3-430D-80B8-A14151068A6D} - C:\Program Files\01NET.com\prxtb01NE.dll (Conduit Ltd.) => Toolbar.Conduit
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) => Toolbar.SweetIM
[2012/11/22 21:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\01NET.com => 01NET.com
[2012/11/22 21:29:19 | 000,000,000 | ---D | M] -- C:\Program Files\01NET.com => 01NET.com
[2011/12/24 10:05:28 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit => Toolbar.Conduit
[2012/10/22 10:00:03 | 000,000,000 | ---D | M] -- C:\Program Files\Software => Toolbar.Agent
[2012/11/22 14:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\SweetIM => Toolbar.SweetIM
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10039&st=12&barid={926F7FD0-F5FC-11E1-A3DA-00238B2CB34C}
PRC - C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc)
PRC - C:\Program Files\GamesBar\update\SearchEngineProtection.exe (Oberon Media ) => Infection BT (Adware.GamesBar)
SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=592
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10039&st=12&barid={926F7FD0-F5FC-11E1-A3DA-00238B2CB34C}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=4aca39f200000000000000242ba0c3d6&tlver=1.4.19.19&affID=17160
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=592
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=592
IE - HKLM\..\URLSearchHook: {8e5025c2-8ea3-430d-80b8-a14151068a6d} - C:\Program Files\01NET.com\prxtb01NE.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{51C6DFBD-2460-62B7-6093-11FECB2BE838}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&s(...){searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh.com//web?src=ieb&appid=333&systemid=1&sr=0&am(...){searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0B0AtD0CtA0DyCtAzy0FtBtN0D0Tzu0CtByDtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=789061601
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=(...){searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000.10039&st=12&(...){searchTerms}&barid={926F7FD0-F5FC-11E1-A3DA-00238B2CB34C}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=592
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=592
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=592
IE - HKCU\..\URLSearchHook: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - No CLSID value found
IE - HKCU\..\URLSearchHook: {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files\Minibar\Froggy.dll (TODO: <название компании>)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKCU\..\SearchScopes\{017F910B-BA55-46B9-9407-FB9D20E4624F}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3128284
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=4aca39f200000000000000242ba0c3d6&tlver=1.4.19.19&affID=17160
IE - HKCU\..\SearchScopes\{51C6DFBD-2460-62B7-6093-11FECB2BE838}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&s(...){searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh.com//web?src=ieb&appid=333&systemid=1&sr=0&am(...){searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0B0AtD0CtA0DyCtAzy0FtBtN0D0Tzu0CtByDtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=789061601
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=(...){searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000.10039&st=12&(...){searchTerms}&barid={926F7FD0-F5FC-11E1-A3DA-00238B2CB34C}
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.1.8
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q="
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.certified-toolbar.com?si=41460&home=true&tid=592"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q="
FF - prefs.js..extensions.autoDisableScopes: 10user_pref("keyword.URL", "http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=");
FF - prefs.js..keyword.URL: "http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q="
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.certified-toolbar.com?si=41460&home=true&tid=592"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Web Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Web Search"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q="
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Program Files\OfferBox\offerboxffx@offerbox.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2011/03/26 09:15:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension
[2011/08/18 22:50:08 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Emac\AppData\Roaming\mozilla\Firefox\Profiles\7c6ywkfo.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2012/10/16 15:05:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emac\AppData\Roaming\mozilla\Firefox\Profiles\7c6ywkfo.default\extensions\ffxtlbr@babylon.com
[2012/09/06 22:06:47 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Emac\AppData\Roaming\mozilla\Firefox\Profiles\7c6ywkfo.default\extensions\plugin@yontoo.com
[2011/08/15 13:41:02 | 000,133,403 | ---- | M] () (No name found) -- C:\Users\Emac\AppData\Roaming\mozilla\firefox\profiles\7c6ywkfo.default\extensions\ffxtlbr@babylon.com.xpi
[2012/10/16 16:14:29 | 000,003,280 | ---- | M] () -- C:\Users\Emac\AppData\Roaming\mozilla\firefox\profiles\7c6ywkfo.default\searchplugins\Web Search.xml
[2012/10/16 16:17:56 | 000,006,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/10/16 16:14:29 | 000,003,280 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Web Search.xml
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll File not found
O2 - BHO: (MrFroggy Class) - {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} - C:\Program Files\Minibar\Froggy.dll (TODO: <название компании>)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)
O2 - BHO: (MinibarBHO) - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files\Minibar\Kango.dll (KangoExtensions)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (OfferBox) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files\OfferBox\OfferBoxBHO.dll (Secure Digital Services Limited)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (GamesBar (W)) - {2e94b700-eafb-4c9e-a696-77200aa3f89b} - C:\Program Files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKCU\..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\update\SearchEngineProtection.exe (Oberon Media )
O9 - Extra Button: Change your facebook look - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files\Minibar\MinibarButton.dll (TODO: <Company name>)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
MsConfig - StartUpReg: BabylonToolbar - hkey= - key= - File not found
MsConfig - StartUpReg: BrightBreezeSA - hkey= - key= - File not found
MsConfig - StartUpReg: DATAMNGR - hkey= - key= - File not found
MsConfig - StartUpReg: MobileDocuments - hkey= - key= - File not found
MsConfig - StartUpReg: MSC - hkey= - key= - File not found
MsConfig - StartUpReg: SweetIM - hkey= - key= - File not found
MsConfig - StartUpReg: Sweetpacks Communicator - hkey= - key= - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
[2012/11/23 15:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\GamesBar
[2012/11/22 21:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar
[2012/10/15 20:16:08 | 000,867,480 | ---- | C] (Babylon Ltd.) -- C:\Users\Emac\AppData\Local\BabylonToolbar.exe
[2012/11/22 21:29:27 | 000,000,009 | ---- | M] () -- C:\end
[2012/10/15 20:16:15 | 000,000,000 | ---D | M] -- C:\Users\Emac\AppData\Roaming\Babylon
[2011/10/28 18:56:45 | 000,000,000 | ---D | M] -- C:\Users\Emac\AppData\Roaming\CrazyLoader
[2011/12/17 21:48:43 | 000,000,000 | ---D | M] -- C:\Users\Emac\AppData\Roaming\OfferBox
[2011/12/24 10:05:38 | 000,000,000 | ---D | M] -- C:\Program Files\CrazyLoader
[2011/04/24 08:07:28 | 000,000,000 | ---D | M] -- C:\Program Files\Free Offers from Freeze.com
[2011/03/26 09:15:58 | 000,000,000 | ---D | M] -- C:\Program Files\Freeze.com
[2012/11/23 15:28:27 | 000,000,000 | ---D | M] -- C:\Program Files\GamesBar
[2011/09/11 19:44:41 | 000,000,000 | ---D | M] -- C:\Program Files\iMesh Applications
[2012/01/03 23:44:50 | 000,000,000 | ---D | M] -- C:\Program Files\OfferBox
[2011/03/26 09:15:46 | 000,000,000 | ---D | M] -- C:\Program Files\PriceGong
[2012/11/22 21:26:11 | 000,000,000 | ---D | M] -- C:\Program Files\Searchqu Toolbar
[2012/11/15 00:47:21 | 000,000,000 | ---D | M] -- C:\Program Files\~BabylonToolbar
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:9E22BBE8

:files

C:\Program Files\01NET.com\prxtb01NE.dll
C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
C:\Program Files\01NET.com
C:\Program Files\Conduit
C:\Program Files\Software
C:\Program Files\SweetIM
C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
C:\Program Files\GamesBar\update\SearchEngineProtection.exe
C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
C:\Program Files\Minibar\Froggy.dllC:\Program Files\OfferBox\offerboxffx@offerbox.com
C:\Users\Emac\AppData\Roaming\mozilla\Firefox\Profiles\7c6ywkfo.default\extensions\ffxtlbr@babylon.com C:\Users\Emac\AppData\Roaming\mozilla\Firefox\Profiles\7c6ywkfo.default\extensions\plugin@yontoo.com
C:\Users\Emac\AppData\Roaming\mozilla\firefox\profiles\7c6ywkfo.default\extensions\ffxtlbr@babylon.com.xpi C:\Users\Emac\AppData\Roaming\mozilla\firefox\profiles\7c6ywkfo.default\searchplugins\Web Search.xml
C:\Program Files\mozilla firefox\searchplugins\babylon.xml
C:\Program Files\mozilla firefox\searchplugins\Web Search.xml
C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
C:\Program Files\Minibar\Froggy.dll
C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL
C:\Program Files\Minibar\Kango.dll
C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll
C:\Program Files\Yontoo\YontooIEClient.dll
C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
C:\Program Files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
C:\Program Files\GamesBar\update\SearchEngineProtection.exe
C:\Program Files\Minibar\MinibarButton.dll
C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files\GamesBar
C:\Users\Emac\AppData\Local\BabylonToolbar.exe
C:\end
C:\Users\Emac\AppData\Roaming\Babylon
C:\Users\Emac\AppData\Roaming\CrazyLoader
C:\Users\Emac\AppData\Roaming\OfferBox
C:\Program Files\CrazyLoader
C:\Program Files\Free Offers from Freeze.com
C:\Program Files\Freeze.com
C:\Program Files\iMesh Applications
C:\Program Files\OfferBox
C:\Program Files\PriceGong
C:\Program Files\Searchqu Toolbar
C:\Program Files\~BabylonToolbar

:Commands
[EMPTYFLASH]
[emptytemp]



Clique sur le bouton "Correction".

Ne touche plus au PC avant son redémarrage en mode normal.

A l'ouverture du PC un rapport va s'ouvrir --> 04212011_xxxxxx.log ... Si ce n'est le cas tu le retrouveras sous le même nom sur le Bureau ou alors dans son dossier --> C:\_OTL
Copie et colle ici en réponse le contenu de ce rapport a++

Hello

J'ai essayé de lancer OTL avec les parametres que tu m'as donné mais le logiciel plante et ne reponds pas meme apres 12h d'attente est-ce normal ?
Merci

est2207

desactive ton antivirus et/ou fais le en mode sans echec

si tu n'y arrives on fera autrement

Salut

Désolée mais ca ne marche toujours pas...

est2207

1/ relance otl purge outil pour le desinstaller

2/ fais ceci a la place

Télécharge zhpdiag

http://telechargement.zebulon.fr/zhpdiag.html


Enregistrer le Fichier sur le bureau important

exécuter en tant qu'administrateur pour Vista/7) pour lancer le programme d'assistant d'installation

tu as le bouton uac dans le panel superieur pour désactiver l'uac
si vista/ seven

Scanner le pc en cliquant sur image de la loupe

Enregistrer le rapport image de la disquette qui apparaitra a la fin du scan


très volumineux incomplet sur le forum

il faut le poster sur www.cjoint.com

1 parcourir : zhpdiag.txt sur le bureau

2 déposer

3 me donner le lien formé qui ressemble a çà
http://cjoint.com/?BJlkjReCl6v4

Salut did80

Voila le rapport obtenu avec ZHPdiag :

http://cjoint.com/?3KCav7ysPew

Merci encore !

est2207
fais ceci

Sélectionnes et copies les lignes bleues suivantes

[MD5.EFE2A9C65D6C509E2CAB1CBDFA161852] - (.Oberon Media - SearchEngineProtection.exe.) -- C:\Program Files\GamesBar\update\SearchEngineProtection.exe [620480] [PID.660] => Infection BT (Adware.GamesBar)
[MD5.1B34BB332729A9B288DA14CE5EA5149F] - (.Bandoo Media, inc - Data Manager.) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe [1890744] [PID.] => Infection PUP (Adware.Bandoo)
M3 - MFPP: Plugins - [Emac] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml => Infection BT (Toolbar.Babylon)
M2 - MFEP: prefs.js [Emac - 7c6ywkfo.default\plugin@yontoo.com] [] Yontoo v1.20.00 (.Yontoo LLC.) => Infection BT (Adware.Yontoo)
M2 - MFEP: prefs.js [Emac - 7c6ywkfo.default\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] [] MediaBar v4.3.0.00 (.Visicom Media Inc..) => Infection PUP (PUP.iMesh)
M2 - MFEP: prefs.js [Emac - 7c6ywkfo.default\{99079a25-328f-4bd4-be04-00955acaa0a7}] [] Searchqu Toolbar v4.6.1.01 (.Visicom Media Inc..) => Infection PUP (Adware.Bandoo)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com
O2 - BHO: (no name) - {1631550F-191D-4826-B069-D9439253D926} Clé orpheline => Infection BT (Adware.PriceGong)
O2 - BHO: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} Clé orpheline => Infection PUP (PUP.iMesh)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} Clé orpheline => Infection BT (Toolbar.Babylon)
O2 - BHO: (no name) - {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} Clé orpheline => Infection BT (Adware.Agent)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} Clé orpheline => Infection PUP (Adware.Bandoo)
O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} Clé orpheline => Infection PUP (Adware.Bando)
O2 - BHO: (no name) - {AA74D58F-ACD0-450D-A85E-6C04B171C044} Clé orpheline => Infection BT (Adware.Agent)
O2 - BHO: (no name) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} Clé orpheline => Infection BT (Hijack.Browser)
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Clé orpheline => Infection BT (Hijack.Browser)
O3 - Toolbar: (no name) - [HKLM]{98889811-442D-49dd-99D7-DC866BE87DBC} . (...) -- (.not file.) => Infection BT (Toolbar.Babylon)
O3 - Toolbar: (no name) - [HKLM]{28387537-e3f9-4ed7-860c-11e69af4a8a0} . (...) -- (.not file.) => Infection PUP (PUP.iMesh)
O3 - Toolbar: (no name) - [HKLM]{99079a25-328f-4bd4-be04-00955acaa0a7} . (...) -- (.not file.) => Infection PUP (Adware.Bandoo)
O4 - HKLM\..\Run: [DATAMNGR] . (.Bandoo Media, inc - Data Manager.) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe => Infection PUP (Adware.Bandoo)
O4 - HKCU\..\Run: [SearchEngineProtection] . (.Oberon Media - SearchEngineProtection.exe.) -- C:\Program Files\GamesBar\update\SearchEngineProtection.exe => Infection BT (Adware.GamesBar)
O4 - HKUS\S-1-5-21-3609274975-1326489897-4038433766-1000\..\Run: [SearchEngineProtection] . (.Oberon Media - SearchEngineProtection.exe.) -- C:\Program Files\GamesBar\update\SearchEngineProtection.exe => Infection BT (Adware.GamesBar)
O20 - AppInit_DLLs: . (.Bandoo Media, inc - Data Manager.) - C:\Program Files\SEARCH~1\Datamngr\datamngr.dll => Infection PUP (Adware.Bandoo)
O42 - Logiciel: Babylon toolbar - (.Pas de propriétaire.) [HKLM] -- BabylonToolbar => Infection BT (Toolbar.Babylon)
O42 - Logiciel: CrazyLoader - (.Pas de propriétaire.) [HKLM] -- CrazyLoader => Infection BT (Adware.SPointer)
O42 - Logiciel: MediaBar - (.iMesh Inc..) [HKLM] -- iMesh 1 MediaBar => Infection PUP (PUP.iMesh)
O42 - Logiciel: NetAssistant - (.Freeze.com.) [HKLM] -- {1266764D-FC4F-4FA7-B63B-884D53B1680F} => Infection BT (Adware.BHO)
O42 - Logiciel: NetAssistant - (.Freeze.com.) [HKLM] -- {C792A75A-2A1F-4991-9B85-291745478A79} => Infection BT (Adware.BHO)
O42 - Logiciel: NetAssistant for Firefox - (.Freeze.com.) [HKCU] -- NetAssistant => Infection BT (Adware.BHO)
O42 - Logiciel: PriceGong 2.1.0 - (.PriceGong.) [HKLM] -- PriceGong => Infection BT (Adware.PriceGong)
O42 - Logiciel: Searchqu Toolbar - (.Bandoo Media Inc.) [HKLM] -- Searchqu Toolbar => Infection PUP (Adware.Bandoo)
[HKCU\Software\AppDataLow\Software\PriceGong] => Infection BT (Adware.PriceGong)
[HKCU\Software\AppDataLow\Software\searchqutoolbar] => Infection PUP (Adware.Bandoo)
[HKCU\Software\BabylonToolbar] => Infection BT (Toolbar.Babylon)
[HKCU\Software\DataMngr] => Infection PUP (PUP.BearShare)
[HKCU\Software\DataMngr_Toolbar]
[HKCU\Software\OfferBox] => Infection PUP (PUP.OfferBox)
[HKCU\Software\iMesh] => Infection PUP (PUP.iMesh)
[HKLM\Software\Babylon] => Infection BT (Toolbar.Babylon)
[HKLM\Software\DataMngr] => Infection PUP (PUP.BearShare)
[HKLM\Software\Freeze.com] => Infection BT (Adware.BHO)
[HKLM\Software\Iminent] => Infection PUP (Adware.IMBooster)
[HKLM\Software\OfferBox] => Infection PUP (PUP.OfferBox)
[HKLM\Software\SearchquMediabarTb] => Infection PUP (Adware.Bandoo)
[HKLM\Software\iMeshMediabarTb] => Infection PUP (PUP.iMesh)
O43 - CFD: 24/12/2011 - 10:05:38 - [27,184] ----D C:\Program Files\CrazyLoader => Infection BT (Adware.SPointer)
O43 - CFD: 26/03/2011 - 09:15:58 - [0,413] ----D C:\Program Files\Freeze.com => Infection BT (Adware.BHO)
O43 - CFD: 23/11/2012 - 15:28:27 - [1,493] ----D C:\Program Files\GamesBar => Infection BT (Adware.GamesBar)
O43 - CFD: 11/09/2011 - 19:44:41 - [19,780] ----D C:\Program Files\iMesh Applications => Infection PUP (PUP.iMesh)
O43 - CFD: 03/01/2012 - 23:44:50 - [0,170] ----D C:\Program Files\OfferBox => Infection PUP (PUP.OfferBox)
O43 - CFD: 26/03/2011 - 09:15:46 - [0,728] ----D C:\Program Files\PriceGong => Infection BT (Adware.PriceGong)
O43 - CFD: 22/11/2012 - 21:26:11 - [20,101] ----D C:\Program Files\Searchqu Toolbar => Infection PUP (Adware.Bandoo)
O43 - CFD: 04/11/2011 - 21:34:02 - [1,175] ----D C:\Program Files\Common Files\Plasmoo => Infection BT (Hijacker.Plasmoo)
O43 - CFD: 15/10/2012 - 20:16:15 - [0] ----D C:\ProgramData\Babylon => Infection BT (Toolbar.Babylon)
O43 - CFD: 19/03/2011 - 19:00:33 - [1,294] ----D C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} => Infection Diverse
O43 - CFD: 15/10/2012 - 20:16:15 - [0,020] ----D C:\Users\Emac\AppData\Roaming\Babylon => Infection BT (Toolbar.Babylon)
O43 - CFD: 28/10/2011 - 18:56:45 - [1,176] ----D C:\Users\Emac\AppData\Roaming\CrazyLoader => Infection BT (Adware.SPointer)
O43 - CFD: 17/12/2011 - 21:48:43 - [0,279] ----D C:\Users\Emac\AppData\Roaming\OfferBox => Infection PUP (PUP.OfferBox)
O43 - CFD: 05/09/2012 - 14:23:10 - [0,014] ----D C:\Users\Emac\AppData\Local\Ilivid Player => Infection BT (Adware.Bandoo)
O43 - CFD: 28/10/2011 - 19:07:10 - [0,003] ----D C:\Users\Emac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrazyLoader => Infection BT (Adware.SPointer)
O44 - LFC:[MD5.A103FDF7348130EF3F3FEF56B1700A27] - 22/11/2012 - 21:29:27 ---A- . (...) -- C:\end [9] => Infection FakeAlert (Trojan.FakeAlert)
O53 - SMSR:HKLM\...\startupreg\BabylonToolbar [Key] . (...) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (.not file.) => Infection BT (Toolbar.Babylon)
O53 - SMSR:HKLM\...\startupreg\DATAMNGR [Key] . (...) -- C:\Program Files\IMESHA~1\MediaBar\Datamngr\DATAMN~1.exe (.not file.) => Infection PUP (PUP.iMesh)
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.SavedHomepage", "http://search.imesh.com/");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "http://search.babylon.com/?babsrc=toolbar2&q=");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.originalHomepage", "http://search.imesh.com/");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("extensions.BabylonToolbar.bbDpng", 25);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("extensions.BabylonToolbar.cntry", "FR");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("extensions.BabylonToolbar.dfltLng", "fr");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("extensions.BabylonToolbar.firstRun", false);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("extensions.BabylonToolbar.hdrMd5", "592B06C14C6924FD78D01EE7F80376B4");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("extensions.BabylonToolbar.id", "c9b5f81b3b5345168436939b8f9d6898");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("extensions.BabylonToolbar.instlDay", "15226");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("extensions.BabylonToolbar.lastActv", "25");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("extensions.BabylonToolbar.lastDP", 25);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("extensions.BabylonToolbar.newTab", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("extensions.BabylonToolbar.newTabUrl", "http://search.babylon.com/?babsrc=NT_bb");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("extensions.BabylonToolbar.propectorlck", 66081457);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("extensions.BabylonToolbar.ptch_0717", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("extensions.BabylonToolbar.sid", "c9b5f81b3b5345168436939b8f9d6898");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("extensions.BabylonToolbar_i.newTab", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
O69 - SBI: SearchScopes [HKCU] {1F096B29-E9DA-4D64-8D63-936BE7762CC5} - (Search the web (Babylon)) - http://search.babylon.com => Infection BT (Toolbar.Babylon)
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} - (Web Search) - http://search.imesh.com => Infection BT (Adware.Bandoo)
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - (Funmoods) - http://start.funmoods.com => Infection PUP (Adware.Bandoo)
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} - (Search Results) - http://dts.search-results.com => Infection BT (Adware.Bandoo)
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - http://search.certified-toolbar.com => Infection BT (Adware.Bandoo)
[MD5.0F871F3D13B8736D0FE59983ADAB5E81] [SPRF][15/10/2012] (.Babylon Ltd. - Babylon Client Setup.) -- C:\Users\Emac\AppData\Local\BabylonToolbar.exe [867480] => Infection BT (Toolbar.Babylon)
[HKCU\Software\JavaSoft\Prefs\crazyloader]
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
[HKLM\Software\Classes\AppID\PriceGongIE.DLL]
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OfferBox Browser]
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\pricegong]
[HKLM\Software\Classes\Babylon.dskBnd]
[HKLM\Software\Classes\Babylon.dskBnd.1]
[HKLM\Software\Classes\bbylnApp.appCore]
[HKLM\Software\Classes\bbylnApp.appCore.1]
[HKLM\Software\Classes\escort.escrtBtn.1]
[HKLM\Software\Classes\esrv.BabylonESrvc]
[HKLM\Software\Classes\esrv.BabylonESrvc.1]
[HKLM\Software\Classes\OfferBox.OfferBoxServer]
[HKLM\Software\Classes\OfferBox.OfferBoxServer.1]
[HKLM\Software\Classes\PriceFactorIE.PriceGongBHO]
[HKLM\Software\Classes\PriceFactorIE.PriceGongBHO.1]
[HKLM\Software\Classes\PriceGongIE.PriceGongCtrl]
[HKLM\Software\Classes\PriceGongIE.PriceGongCtrl.1]
[HKLM\Software\Classes\SearchQUIEHelper.DNSGuard]
[HKLM\Software\Classes\SearchQUIEHelper.DNSGuard.1]
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] => Infection BT (Adware.MyWebSearch)
[HKLM\Software\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] => Infection BT (Adware.Agent)
[HKLM\Software\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] => Infection BT (Adware.Agent)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}] => Infection BT (Adware.PriceGong)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}] => Infection BT (Adware.PriceGong)
[HKLM\Software\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}] => Infection BT (Adware.PriceGong)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}] => Infection BT (Adware.PriceGong)
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}] => Infection BT (Toolbar.Babylon)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] => Infection PUP (PUP.iMesh)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] => Infection PUP (PUP.iMesh)
[HKLM\Software\Classes\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] => Infection PUP (PUP.iMesh)
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] => Infection PUP (PUP.iMesh)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] => Infection PUP (PUP.iMesh)
[HKLM\Software\Classes\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}] => Infection BT (Toolbar.Babylon)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}] => Infection BT (Toolbar.Babylon)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}]
[HKLM\Software\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}] => Infection PUP (Adware.Bandoo)
[HKLM\Software\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}] => Infection PUP (Adware.Bandoo)
[HKLM\Software\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}] => Infection BT (Adware.PriceGong)
[HKLM\Software\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}] => Infection PUP (Adware.Bandoo)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}] => Infection BT (Adware.Agent)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}] => Infection BT (Adware.Agent)
[HKLM\Software\Classes\CLSID\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}] => Infection BT (Adware.Agent)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}] => Infection BT (Adware.Agent)
[HKLM\Software\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}] => Infection BT (Adware.PriceGong)
[HKLM\Software\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] => Infection BT (Toolbar.Babylon)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}] => Infection BT (Toolbar.Babylon)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC}] => Infection BT (Toolbar.Babylon)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}] => Infection BT (Toolbar.Babylon)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] => Infection BT (Adware.Bandoo)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] => Infection BT (Adware.Bandoo)
[HKLM\Software\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] => Infection BT (Adware.Bandoo)
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] => Infection BT (Adware.Bandoo)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] => Infection BT (Adware.Bandoo)
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] => Infection PUP (Adware.Bandoo)
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] => Infection PUP (Adware.Bandoo)
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}] => Infection BT (Adware.Bandoo)
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}] => Infection BT (Adware.Bandoo)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}] => Infection PUP (Adware.Bandoo)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}] => Infection PUP (Adware.Bandoo)
[HKLM\Software\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}] => Infection PUP (Adware.Bandoo)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}] => Infection PUP (Adware.Bandoo)
[HKLM\Software\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}] => Infection PUP (Adware.Bandoo)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}] => Infection BT (Adware.Agent)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}] => Infection BT (Adware.Agent)
[HKLM\Software\Classes\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044}] => Infection BT (Adware.Agent)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}] => Infection BT (Adware.Agent)
[HKLM\Software\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}] => Infection BT (Adware.Facemoods)
[HKLM\Software\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}] => Infection BT (Adware.Facemoods)
[HKLM\Software\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}] => Infection PUP (Adware.Bandoo)
[HKLM\Software\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}] => Infection BT (Adware.PriceGong)
[HKLM\Software\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] => Infection BT (Toolbar.Babylon)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] => Infection BT (Hijack.Browser)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] => Infection BT (Hijack.Browser)
[HKLM\Software\Classes\CLSID\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] => Infection BT (Hijack.Browser)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] => Infection BT (Hijack.Browser)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] => Infection BT (Hijack.Browser)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] => Infection BT (Hijack.Browser)
[HKLM\Software\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] => Infection BT (Hijack.Browser)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] => Infection BT (Hijack.Browser)
[HKLM\Software\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}] => Infection PUP (Adware.Bandoo)
[HKLM\Software\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom]
[HKCU\Software\BabylonToolbar] => Infection BT (Toolbar.Babylon)
[HKLM\Software\BabylonToolbar] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\BabylonToolbar]
[HKLM\Software\CrazyLoader] => Infection BT (Adware.SPointer)
[HKCU\Software\DataMngr] => Infection PUP (PUP.BearShare)
[HKLM\Software\DataMngr] => Infection PUP (PUP.BearShare)
[HKLM\Software\freeze.com] => Infection BT (Adware.BHO)
[HKCU\Software\iMesh] => Infection PUP (PUP.iMesh)
[HKLM\Software\iMeshMediabarTB] => Infection PUP (PUP.iMesh)
[HKLM\Software\Iminent] => Infection PUP (Adware.IMBooster)
[HKCU\Software\OfferBox] => Infection PUP (PUP.OfferBox)
[HKLM\Software\OfferBox] => Infection PUP (PUP.OfferBox)
[HKCU\Software\AppDataLow\Software\PriceGong] => Infection BT (Adware.PriceGong)
[HKLM\Software\SearchquMediabarTb] => Infection PUP (Adware.Bandoo)
[HKCU\Software\AppDataLow\Software\searchqutoolbar] => Infection PUP (Adware.Bandoo)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\CrazyLoader]
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{98889811-442D-49DD-99D7-DC866BE87DBC} => Infection BT (Toolbar.Babylon)
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{99079A25-328F-4BD4-BE04-00955ACAA0A7} => Infection BT (Adware.Bandoo)
[HKLM\Software\Mozilla\Firefox\Extensions]:offerboxffx@offerbox.com
C:\Program Files\Crazyloader => Infection BT (Adware.SPointer)
C:\Program Files\GamesBar => Infection BT (Adware.GamesBar)
C:\Program Files\iMesh Applications => Infection PUP (PUP.iMesh)
C:\Program Files\OfferBox => Infection PUP (PUP.OfferBox)
C:\Program Files\PriceGong => Infection BT (Adware.PriceGong)
C:\Program Files\Searchqu Toolbar => Infection PUP (Adware.Bandoo)
C:\Program Files\Common Files\Plasmoo => Infection BT (Hijacker.Plasmoo)
C:\ProgramData\Babylon => Infection BT (Toolbar.Babylon)
C:\Users\Emac\AppData\Roaming\Babylon => Infection BT (Toolbar.Babylon)
C:\Users\Emac\AppData\Roaming\Crazyloader => Infection BT (Adware.SPointer)
C:\Users\Emac\AppData\Roaming\OfferBox => Infection PUP (PUP.OfferBox)
C:\Users\Emac\AppData\LocalLow\BabylonToolbar => Infection BT (Toolbar.Babylon)
C:\Users\Emac\AppData\LocalLow\Claro LTD => Infection BT (Hijacker.Agent)
C:\Users\Emac\AppData\LocalLow\imeshbandmltbpi => Infection PUP (PUP.iMesh)
C:\Users\Emac\AppData\LocalLow\PriceGong => Infection BT (Adware.PriceGong)
C:\Users\Emac\AppData\LocalLow\searchquband => Infection PUP (Adware.Bandoo)
C:\Users\Emac\AppData\LocalLow\searchqutoolbar => Infection PUP (Adware.Bandoo)
C:\Users\Emac\AppData\Roaming\Mozilla\Firefox\Profiles\7c6ywkfo.default\searchqutoolbar => Infection PUP (Adware.Bandoo)
C:\Users\Emac\AppData\Roaming\Mozilla\Firefox\Profiles\7c6ywkfo.default\Extensions\ffxtlbr@babylon.com
SS - | Disabled 0 | (Browser Manager) . (...) - C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe => Infection BT (Toolbar.Babylon)
[MD5.0D25BE7E94F7610D647E05C9ABA2E160] [SPRF][21/11/2012] (.DealPly - http://www.dealply.com/.) -- C:\Users\Emac\AppData\Local\Temp\SIMBundleInstaller.exe [506056]

M0 - MFSP: prefs.js [Emac - 7c6ywkfo.default] http://search.certified-toolbar.com
M2 - MFEP: prefs.js [Emac - 7c6ywkfo.default\ffxtlbr@funmoods.com] [] Funmoods.com v1.5.1 (.Volo-Net.)
M2 - MFEP: prefs.js [Emac - 7c6ywkfo.default\OneClickDownload@OneClickDownload.com] [] OneClickDownloader v1.1 (.One Click Downloader.)
O42 - Logiciel: Funmoods Web Search - (.Pas de propriétaire.) [HKLM] -- funmoods
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{8E5025C2-8EA3-430D-80B8-A14151068A6D}
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{8E5025C2-8EA3-430D-80B8-A14151068A6D}
G2 - GCE: Preference [User Data\Default] [jcdgjdiieiljkfkdcloehkohchhpekkn] SweetIM for Facebook v.1.1.0.1 (Activé)
M3 - MFPP: Plugins - [Emac] -- C:\Users\Emac\AppData\Roaming\Mozilla\Firefox\Profiles\7c6ywkfo.default\searchplugins\Search.xml
M3 - MFPP: Plugins - [Emac] -- C:\Users\Emac\AppData\Roaming\Mozilla\Firefox\Profiles\7c6ywkfo.default\searchplugins\Search_Results.xml
M2 - MFEP: prefs.js [Emac - 7c6ywkfo.default\ffxtlbr@funmoods.com] [] Funmoods.com v1.5.1 (.Volo-Net.)
O43 - CFD: 15/11/2012 - 00:55:09 - [7,569] ----D C:\ProgramData\~Browser Manager
O43 - CFD: 23/11/2012 - 15:28:32 - [1,201] ----D C:\Users\Emac\AppData\Roaming\VisicomToolBar
O69 - SBI: SearchScopes [HKCU] {51C6DFBD-2460-62B7-6093-11FECB2BE838} - (Search Results) - http://dts.search-results.com
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar]
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}]
[HKLM\Software\Classes\CLSID\{151867D5-7359-40AF-8764-66E58D06283C}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{151867D5-7359-40AF-8764-66E58D06283C}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}]
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}]
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}]
[HKLM\Software\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}]
[HKLM\Software\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}]
[HKLM\Software\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6533F74-218B-41BE-9D91-5BD471FECFFD}]
[HKLM\Software\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb]
[HKLM\Software\Google\Chrome\Extensions\ehdmaehkiiampolokajdcelladmnopgp]
[HKLM\Software\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj]
[HKLM\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph]
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\DataMngr]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\funmoods]
[HKLM\Software\Classes\Toolbar.CT3128284]
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{8E5025C2-8EA3-430D-80B8-A14151068A6D}
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{8E5025C2-8EA3-430D-80B8-A14151068A6D}
G0 - GCSP: Preference [User Data\Default] http://search.conduit.com
G0 - GCSP: Preference [User Data\Default] http://search.conduit.com
G2 - GCE: Preference [User Data\Default] [ehdmaehkiiampolokajdcelladmnopgp] 01NET.com v.10.13.20.29 (Activé) => 01NET.com
M3 - MFPP: Plugins - [Emac] -- C:\Users\Emac\AppData\Roaming\Mozilla\Firefox\Profiles\7c6ywkfo.default\searchplugins\askcom.xml => Plugin Mozilla Firefox Ask.com
M3 - MFPP: Plugins - [Emac] -- C:\Users\Emac\AppData\Roaming\Mozilla\Firefox\Profiles\7c6ywkfo.default\searchplugins\conduit.xml => Toolbar.Conduit
M3 - MFPP: Plugins - [Emac] -- C:\Users\Emac\AppData\Roaming\Mozilla\Firefox\Profiles\7c6ywkfo.default\searchplugins\SearchResults.xml => Toolbar.Agent
M3 - MFPP: Plugins - [Emac] -- C:\Users\Emac\AppData\Roaming\Mozilla\Firefox\Profiles\7c6ywkfo.default\searchplugins\sweetim.xml => Toolbar.SweetIM
M3 - MFPP: Plugins - [Emac] -- C:\Program Files\Mozilla FireFox\searchplugins\SearchResults.xml => Toolbar.Agent
M2 - MFEP: prefs.js [Emac - 7c6ywkfo.default\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}] [] uTorrentBar_FR Community Toolbar v3.9.0.3 (.Conduit Ltd..) => Toolbar.Conduit
M2 - MFEP: prefs.js [Emac - 7c6ywkfo.default\{8e5025c2-8ea3-430d-80b8-a14151068a6d}] [] 01NET.com v10.13.40.15 (.Conduit Ltd..) => 01NET.com
O2 - BHO: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} Clé orpheline => Softomate Toolbar
O2 - BHO: (no name) - {EEE6C35C-6118-11DC-9C72-001320C79847} Clé orpheline => Toolbar.SweetIM
O3 - Toolbar: (no name) - [HKLM]{EEE6C35B-6118-11DC-9C72-001320C79847} . (...) -- (.not file.) => Toolbar.SweetIM
O42 - Logiciel: 01NET.com Toolbar - (.01NET.com.) [HKLM] -- 01NET.com Toolbar => Toolbar.Agent
[HKCU\Software\AppDataLow\Software\01NET.com] => 01NET.com
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] => Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\Conduit] => Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\Smartbar] => Toolbar.Agent
[HKCU\Software\AppDataLow\Toolbar] => Toolbar.Conduit
[HKCU\Software\Softonic] => Softonic
[HKCU\Software\SweetIM] => Toolbar.SweetIM
[HKLM\Software\01NET.com] => 01NET.com
[HKLM\Software\SweetIM] => Toolbar.SweetIM
O43 - CFD: 22/11/2012 - 21:29:19 - [4,849] ----D C:\Program Files\01NET.com => 01NET.com
O43 - CFD: 24/12/2011 - 10:05:28 - [0,609] ----D C:\Program Files\Conduit => Toolbar.Conduit
O43 - CFD: 22/10/2012 - 10:00:03 - [0] ----D C:\Program Files\Software => Toolbar.Agent
O43 - CFD: 22/11/2012 - 14:01:55 - [6,858] ----D C:\Program Files\SweetIM => Toolbar.SweetIM
O43 - CFD: 22/10/2012 - 10:00:03 - [0] ----D C:\ProgramData\Software => Toolbar.Agent
O43 - CFD: 22/11/2012 - 14:01:55 - [0,000] ----D C:\ProgramData\SweetIM => Toolbar.SweetIM
O43 - CFD: 22/11/2012 - 21:29:18 - [0,063] ----D C:\Users\Emac\AppData\Local\Conduit => Toolbar.Conduit
O43 - CFD: 16/10/2012 - 14:50:11 - [0] ----D C:\Users\Emac\AppData\Local\Software => Toolbar.Agent
O69 - SBI: C:\Users\Emac\AppData\Roaming\Mozilla\Firefox\Profiles\7c6ywkfo.default\searchplugins\askcom.xml => Plugin Mozilla Firefox Ask.com
O69 - SBI: C:\Users\Emac\AppData\Roaming\Mozilla\Firefox\Profiles\7c6ywkfo.default\searchplugins\conduit.xml => Toolbar.Conduit
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639..clientLogIsEnabled", false);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.CTID", "CT2851639");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.CurrentServerDate", "23-5-2012");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.DSInstall", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.DialogsAlignMode", "LTR");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.DialogsGetterLastCheckTime", "Wed May 23 2012 14:48:25 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.DownloadReferralCookieData", "");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.EMailNotifierPollDate", "Wed May 23 2012 14:48:20 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.FeedLastCount2548968607390276962", 174);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.FeedPollDate2429156812186649977", "Wed Jan 25 2012 23:57:39 GMT+0100");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.FeedPollDate2429156813040823546", "Wed May 23 2012 14:48:22 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.FeedPollDate2429156813130095866", "Wed May 23 2012 14:48:22 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.FeedPollDate2429156813224203613", "Wed May 23 2012 14:48:22 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.FeedPollDate2429156813230837251", "Wed Jan 25 2012 23:57:39 GMT+0100");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.FeedPollDate2429156813454291735", "Wed May 23 2012 14:48:22 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.FeedPollDate2429156813729834876", "Wed May 23 2012 14:48:22 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.FeedPollDate2429156813860870021", "Wed Jan 25 2012 23:57:39 GMT+0100");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.FeedPollDate2429156814264681793", "Wed Jan 25 2012 23:57:39 GMT+0100");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.FeedPollDate2429156814863075366", "Wed May 23 2012 14:48:22 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.FeedPollDate2429156815257761081", "Wed May 23 2012 14:48:22 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.FeedTTL2429156813040823546", 15);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.FeedTTL2429156813130095866", 10);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.FeedTTL2429156813454291735", 5);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.FeedTTL2429156814264681793", 5);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.FirstServerDate", "24-12-2011");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.FirstTime", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.FirstTimeFF3", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.FixPageNotFoundErrors", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.GroupingServerCheckInterval", 1440);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.GroupingServiceUrl", "http://grouping.services.conduit.com/");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.HPInstall", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.HasUserGlobalKeys", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.HomePageProtectorEnabled", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.HomepageBeforeUnload", "http://search.conduit.com/?ctid=CT2851639&SearchSource=13");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.Initialize", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.InitializeCommonPrefs", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.InstallationAndCookieDataSentCount", 3);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.InstallationId", "ConduitXPEIntegration");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.InstallationType", "ConduitXPEIntegration");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.InstalledDate", "Sat Dec 24 2011 10:09:52 GMT+0100");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.IsAlertDBUpdated", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.IsGrouping", false);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.IsInitSetupIni", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.IsMulticommunity", false);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.IsOpenThankYouPage", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.IsOpenUninstallPage", false);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.IsProtectorsInit", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.LanguagePackLastCheckTime", "Wed May 23 2012 14:48:25 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.LanguagePackReloadIntervalMM", 1440);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.LastLogin_3.8.1.0", "Wed Jan 25 2012 20:22:14 GMT+0100");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.LastLogin_3.9.0.3", "Wed May 23 2012 14:48:21 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.LatestVersion", "3.12.2.3");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.Locale", "fr");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.MCDetectTooltipHeight", "83");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.MCDetectTooltipWidth", "295");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.MyStuffEnabledAtInstallation", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.OriginalFirstVersion", "3.8.1.0");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.SHRINK_TOOLBAR", 1);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.SearchCaption", "uTorrentBar_FR Customized Web Search");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.SearchEngineBeforeUnload", "uTorrentBar_FR Customized Web Search");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.SearchFromAddressBarIsInit", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&q=");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.SearchInNewTabEnabled", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.SearchInNewTabIntervalMM", 1440);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.SearchInNewTabLastCheckTime", "Wed May 23 2012 14:48:20 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.SearchInNewTabUsageUrl", "http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.SearchProtectorEnabled", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.SearchProtectorToolbarDisabled", false);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.SendProtectorDataViaLogin", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.ServiceMapLastCheckTime", "Wed May 23 2012 14:48:21 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.SettingsLastCheckTime", "Wed May 23 2012 14:48:19 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.SettingsLastUpdate", "1337169810");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.TBHomePageUrl", "http://search.conduit.com/?ctid=CT2851639&SearchSource=13");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.ThirdPartyComponentsInterval", 504);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.ThirdPartyComponentsLastCheck", "Wed May 23 2012 14:48:19 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.ThirdPartyComponentsLastUpdate", "1331805999");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.ToolbarShrinkedFromSetup", false);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.TrusteLinkUrl", "http://trust.conduit.com/CT2851639");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolb[...]
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.UserID", "UN07692118272860404");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.ValidationData_Search", 2);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.ValidationData_Toolbar", 2);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.WeatherNetwork", "");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.WeatherPollDate", "Wed Jan 25 2012 23:53:39 GMT+0100");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.WeatherUnit", "C");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.alertChannelId", "1243674");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.backendstorage.cbfirsttime", "5361742044656320323420323031312031303A30393A353620474D542B30313030");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.backendstorage.url_history", "687474703A2F2F6B746F7272656E742E6F72672F");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.backendstorage.url_history_time", "31333234373137393630373837");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;se[...]
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.globalFirstTimeInfoLastCheckTime", "Wed May 23 2012 14:48:25 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.homepageProtectorEnableByLogin", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.initDone", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.isAppTrackingManagerOn", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.myStuffEnabled", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.myStuffPublihserMinWidth", 400);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&oct[...]
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.myStuffServiceIntervalMM", 1440);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE[...]
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.oldAppsList", "129351529700431300,129351529700743801,1000234,129791404828153723,1000034,129422840102831305,12[...]
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.revertSettingsEnabled", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.searchProtectorDialogDelayInSec", 10);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.searchProtectorEnableByLogin", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.testingCtid", "");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.toolbarAppMetaDataLastCheckTime", "Wed May 23 2012 14:48:25 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.toolbarContextMenuLastCheckTime", "Wed May 23 2012 14:48:25 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.usagesFlag", 2);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT2851639&SearchSource=13");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.ConduitSearchList", "uTorrentBar_FR Customized Web Search");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2851639/CT2851639", "\"d28ea0a31c5b1da7509cbd2a[...]
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/1243674/1239347/FR", "\"0\"");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851639", "\"1334666883\"");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=fr", "y/LORlR12DbewW+JdTT[...]
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=fr", "Jhg1cqt6SMZ2zk/Sj9md[...]
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=fr", "Piuk0Y+XrAdQh3bNgUm[...]
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=fr", "VobDslsbJdJvb4C6TOif7w[...]
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"6a637346d78ccc1:0\"")[...]
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"4ead38b3e6bcd1:0\"");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851639", "\"d76323372b05c3748a3d6b1c93[...]
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=fr", "\"fe31e32e73f57208cb2dc4c562989329\[...]
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Emac\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\7c6ywkfo.defa[...]
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.ToolbarsList", "CT2851639");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.ToolbarsList2", "CT2851639");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.ToolbarsList4", "CT2851639");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed May 23 2012 14:48:21 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.globalUserId", "f1bac880-189d-4153-a8d5-f297361c70a8");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2851639");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed May 23 2012 14:48:24 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Jan 25 2012 20:22:20 GMT+0100");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.notifications.locale", "en");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed May 23 2012 14:48:21 GMT+0200");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.notifications.showTrayIcon", false);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.notifications.userId", "d09066de-2c04-47f8-86f4-817cc90d65b8");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CommunityToolbar.originalSearchEngine", "Web Search");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("extensions.enabledAddons", "ffxtlbr@babylon.com:1.1.8,{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}:3.9.0.3,{b9db16a4-6edc-47e[...] => Toolbar.Conduit
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSo[...]
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Web Search");
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Web Search");
O69 - SBI: SearchScopes [HKCU] {017F910B-BA55-46B9-9407-FB9D20E4624F} - (01NET.com Customized Web Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Claro Search) - http://www.claro-search.com => Toolbar.Babylon
O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://websearch.ask.com => Toolbar.Agent
[MD5.CB5E1A151A543F4A238DC60892FCD2B3] [SPRF][21/11/2012] (.SweetIM Technologies Ltd. - SweetIM Installer by SweetPacks.) -- C:\Users\Emac\AppData\Local\Temp\Shortcut_sweetimsetup.exe [581464]
[MD5.F888959350086A5C75976E4E97ED23CC] [SPRF][21/11/2012] (.SweetIM Technologies Lt - This installer.) -- C:\Users\Emac\AppData\Local\Temp\SIMEEI2Installer.exe [2962432]
[MD5.7704B843006444B69486FD27D4660845] [SPRF][21/11/2012] (.SweetIM Technologies Lt - This installer.) -- C:\Users\Emac\AppData\Local\Temp\SIMEEIInstaller.exe [3380216]
[MD5.83B6DF7F5E36ED407B7997216852D69A] [SPRF][21/11/2012] (.SweetIM Technologies Lt - This installer.) -- C:\Users\Emac\AppData\Local\Temp\SweetIESetup.exe [4061160]
[MD5.36527356F59B26542C9B69DC6E51AD05] [SPRF][21/11/2012] (.SweetIM Technologies Lt - This installer.) -- C:\Users\Emac\AppData\Local\Temp\SweetIMSetup.exe [4143064]
[HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn]
[HKLM\Software\Classes\AppID\YontooIEClient.DLL]
[HKLM\Software\Classes\sweetie.ietoolbar]
[HKLM\Software\Classes\sweetie.ietoolbar.1]
[HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook]
[HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1]
[HKLM\Software\Classes\Toolbar.CT2851639]
[HKLM\Software\Classes\Toolbar3.sweetie]
[HKLM\Software\Classes\Toolbar3.sweetie.1]
[HKLM\Software\Classes\YontooIEClient.Api]
[HKLM\Software\Classes\YontooIEClient.Api.1]
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}] => Toolbar.Agent
[HKLM\Software\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] => Toolbar.Agent
[HKLM\Software\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}] => Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}] => Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}] => Toolbar.Agent
[HKLM\Software\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}] => Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}] => Toolbar.Agent
[HKLM\Software\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] => Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}] => Toolbar.Agent
[HKLM\Software\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}] => Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}]
[HKLM\Software\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] => Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] => Toolbar.Agent
[HKLM\Software\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] => Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] => Toolbar.Agent
[HKLM\Software\Classes\Interface\{eee6c358-6118-11dc-9c72-001320c79847}] => Toolbar.SweetIM
[HKLM\Software\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}] => Toolbar.SweetIM
[HKLM\Software\Classes\Interface\{eee6c35a-6118-11dc-9c72-001320c79847}] => Toolbar.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{eee6c35b-6118-11dc-9c72-001320c79847}] => Toolbar.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{eee6c35b-6118-11dc-9c72-001320c79847}] => Toolbar.SweetIM
[HKLM\Software\Classes\CLSID\{eee6c35b-6118-11dc-9c72-001320c79847}] => Toolbar.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}] => Toolbar.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}] => Toolbar.SweetIM
[HKLM\Software\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}] => Toolbar.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] => Toolbar.SweetIM
[HKLM\Software\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}] => Toolbar.SweetIM
[HKLM\Software\Classes\TypeLib\{eee6c35e-6118-11dc-9c72-001320c79847}] => Toolbar.SweetIM
[HKLM\Software\Classes\TypeLib\{eee6c35f-6118-11dc-9c72-001320c79847}] => Toolbar.SweetIM
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{eee6c360-6118-11dc-9c72-001320c79847}] => Toolbar.SweetIM
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{eee6c360-6118-11dc-9c72-001320c79847}] => Toolbar.SweetIM
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}] => Toolbar.SweetIM
[HKCU\Software\AppDataLow\Software\01NET.com] => 01NET.com
[HKLM\Software\01NET.com] => 01NET.com
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] => Toolbar.Conduit
[HKCU\Software\Softonic] => Softonic
[HKCU\Software\SweetIM] => Toolbar.SweetIM
[HKLM\Software\SweetIM] => Toolbar.SweetIM
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM]
[HKCU\Software\AppDataLow\Toolbar] => Toolbar.Conduit
C:\Program Files\Conduit => Toolbar.Conduit
C:\Program Files\Software => Toolbar.Agent
C:\Program Files\SweetIM => Toolbar.SweetIM
C:\ProgramData\Software => Toolbar.Agent
C:\ProgramData\SweetIM => Toolbar.SweetIM
C:\Users\Emac\AppData\Local\Conduit => Toolbar.Conduit
C:\Users\Emac\AppData\Local\Software => Toolbar.Agent
C:\Users\Emac\AppData\LocalLow\Conduit => Toolbar.Conduit
C:\Users\Emac\AppData\LocalLow\SweetIM => SweetIM Toolbar
C:\Users\Emac\AppData\Roaming\Mozilla\Firefox\Profiles\7c6ywkfo.default\SearchPlugins\conduit.xml => Toolbar.Conduit
C:\Users\Emac\AppData\Roaming\Mozilla\Firefox\Profiles\7c6ywkfo.default\SearchPlugins\SearchResults.xml => Toolbar.Agent
C:\Users\Emac\AppData\Roaming\Mozilla\Firefox\Profiles\7c6ywkfo.default\SearchPlugins\sweetim.xml => Toolbar.SweetIM

FirewallRaz
EmptyFlash
EmptyTemp

lance zhpfix

tu colles les lignes avec ce bouton



tu supprimes avec le bouton GO

copies colles c:\zhp\zhpfix[r1].txt ou C:\Program files\ZHPDiag\ZHPFixReport.txt a++

salut

C'est bon ca a marché cette fois. Voilà le rapport obtenu :

http://cjoint.com/?BKCprrLcREO

Merci !

est2207

reposte moi un zhpdiag stp et donne moi le nouveau lien

que je vois ce qu'il reste

did 80

J'ai relancé zhpdiag voilà le nouveau rapport :

http://cjoint.com/?3KCwzO9KaW6

Merci !

est2207

çà commence a se nettoyer

fais ceci


Sélectionnes et copies les lignes bleues suivantes

O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolb[...]
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;se[...]
O69 - SBI: prefs.js [Emac - 7c6ywkfo.default] user_pref("CT2851639.oldAppsList", "129351529700431300,129351529700743801,1000234,129791404828153723,1000034,129422840102831305,12[...]
[MD5.1B34BB332729A9B288DA14CE5EA5149F] - (.Bandoo Media, inc - Data Manager.) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe [1890744] [PID.] => Infection PUP (Adware.Bandoo)
[HKLM\Software\DataMngr] => Infection PUP (PUP.BearShare)
O43 - CFD: 28/11/2012 - 14:47:17 - [1,803] ----D C:\Program Files\Searchqu Toolbar => Infection PUP (Adware.Bandoo)
[HKLM\Software\DataMngr] => Infection PUP (PUP.BearShare)
C:\Program Files\Searchqu Toolbar => Infection PUP (Adware.Bandoo)
G0 - GCSP: Preference [User Data\Default][HomePage] http://start.gamesagogo.iplay.com
M3 - MFPP: Plugins - [Emac] -- C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
M0 - MFSP: prefs.js [Emac - 7c6ywkfo.default] http://start.gamesagogo.iplay.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: (no name) - {2e94b700-eafb-4c9e-a696-77200aa3f89b} Clé orpheline
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} Clé orpheline
O2 - BHO: (no name) - {8e5025c2-8ea3-430d-80b8-a14151068a6d} Clé orpheline
O3 - Toolbar: (no name) - [HKLM]{8e5025c2-8ea3-430d-80b8-a14151068a6d} . (...) -- (.not file.)
O3 - Toolbar: (no name) - [HKLM]{2e94b700-eafb-4c9e-a696-77200aa3f89b} . (...) -- (.not file.)
[HKCU\Software\Conduit]
O43 - CFD: 28/11/2012 - 14:47:17 - [1,803] ----D C:\Program Files\Searchqu Toolbar
O43 - CFD: 15/11/2012 - 00:47:21 - [1,555] ----D C:\Program Files\~BabylonToolbar
O53 - SMSR:HKLM\...\startupreg\BrightBreezeSA [Key] . (...) -- C:\Program Files\BrightBreeze\bin\2.0.12.0\BrightBreezeSA.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Sweetpacks Communicator [Key] . (...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.)
O69 - SBI: SearchScopes [HKCU] {36377DD7-B3EB-42f5-986F-680BAF59BA9D} [DefaultScope] - (Yahoo!) - http://start.gamesagogo.iplay.com

FirewallRaz
EmptyFlash
EmptyTemp


lance zhpfix

tu colles les lignes avec ce bouton



tu supprimes avec le bouton GO

copies colles c:\zhp\zhpfix[r1].txt ou C:\Program files\ZHPDiag\ZHPFixReport.txt

Salut did80 !

J'ai relancé ZHPDIAG et voilà le rapport obtenu :

Rapport de ZHPFix 1.3.07 par Nicolas Coolman, Update du 13/11/2012
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-30-11-2012-08-09-42.txt
Run by Emac at 30/11/2012 08:09:42
Windows Vista Home Basic Edition, 32-bit Service Pack 2 (Build 6002)



========== Processus mémoire ==========
SUPPRIME Memory Process: C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe

========== Clé(s) du Registre ==========
ERREUR Key****: HKLM\Software\DataMngr
SUPPRIME Key: CLSID BHO: {2e94b700-eafb-4c9e-a696-77200aa3f89b}
SUPPRIME Key: CLSID BHO: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
SUPPRIME Key: CLSID BHO: {8e5025c2-8ea3-430d-80b8-a14151068a6d}
SUPPRIME Key: HKCU\Software\Conduit
SUPPRIME Key: StartupReg: BrightBreezeSA
SUPPRIME Key: StartupReg: Sweetpacks Communicator
SUPPRIME Key: SearchScopes :{36377DD7-B3EB-42f5-986F-680BAF59BA9D}

========== Valeur(s) du Registre ==========
SUPPRIME Toolbar: {8e5025c2-8ea3-430d-80b8-a14151068a6d}
SUPPRIME Toolbar: {2e94b700-eafb-4c9e-a696-77200aa3f89b}
ABSENT Valeur Standard Profile: FirewallRaz :
ABSENT Valeur Domain Profile: FirewallRaz :
Aucune valeur présente dans la clé d'exception du registre (FirewallRaz)

========== Elément(s) de donnée du Registre ==========
SUPPRIME R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page

========== Préférences navigateur ==========
ABSENT Mozilla Pref: user_pref("CT2851639.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolb[...]
ABSENT Mozilla Pref: user_pref("CT2851639.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;se[...]
ABSENT Mozilla Pref: user_pref("CT2851639.oldAppsList", "129351529700431300,129351529700743801,1000234,129791404828153723,1000034,129422840102831305,12[...]
PRESENT Chrome File: C:\Users\Emac\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://start.gamesagogo.iplay.com
ABSENT Mozilla Pref: http://start.gamesagogo.iplay.com

========== Dossier(s) ==========
SUPPRIME Folder: C:\Program Files\Searchqu Toolbar
ABSENT C:\Program Files\Searchqu Toolbar
SUPPRIME Folder: C:\Program Files\~BabylonToolbar
SUPPRIME Flash Cookies:
SUPPRIME Temporaires Windows:

========== Fichier(s) ==========
SUPPRIME File: c:\program files\searchqu toolbar\datamngr\datamngrui.exe
ABSENT Folder/File: c:\program files\searchqu toolbar
SUPPRIME File: c:\program files\mozilla firefox\searchplugins\search_results.xml
ABSENT File: c:\program files\brightbreeze\bin\2.0.12.0\brightbreezesa.exe
ABSENT File: c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe
SUPPRIME Flash Cookies:
SUPPRIME Temporaires Windows:


========== Récapitulatif ==========
1 : Processus mémoire
8 : Clé(s) du Registre
5 : Valeur(s) du Registre
1 : Elément(s) de donnée du Registre
5 : Dossier(s)
7 : Fichier(s)
6 : Préférences navigateur


End of clean in 01mn 38s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 28/11/2012 14:57:26 [46729]
C:\ZHP\ZHPFix[R2].txt - 30/11/2012 08:09:42 [3046]

est2207

un peu de nettoyage

fais ceci


Télécharge Adwcleaner

adwcleaner ICI

Télécharges Pour Vista et Windows 7 : il faut lancer le fichier par clic-droit "Exécuter en tant qu'administrateur"

Lance AdwCleaner.exe
Acceptes l'avertissement qui suit

Clic sur Recherche

Patientes le temps de la recherche

copies/colles sur le forum le rapport qui apparait à la fin.

Il est sauvegardé aussi sous (C:\AdwCleaner[R1].txt)
Click sur Quitter

Coucou did80

C'est bon j'ai lancé Adwcleaner.

Voilà le rapport :

http://cjoint.com/?3KEjwYxiRyX

Merci

ok est2207

relance le phase suppression

copies/colles C:\AdwCleaner[S1].txt)

Coucou did80 !

J'ai effectué la phase suppression; voilà le rapport obtenu :

http://cjoint.com/?3KExbKGywTb

Merci encore de ton aide !

est2207

fais ceci


ok meme procedure cette fois avec ad remover

tu le télécharges (bouton telechargement gratuit)

http://www.donnemoilinfo.com/telecharger/logiciel/Ad-Remover.php

scan ton pc

copies/colles c:\ad_reportSCAN[1].txt

Hello did80...

Desolée pour ma réponse tardive je n'ai pas eu bcp de temps libre ces derniers jours...
Voilà le rapport obtenu par Ad Remover :

http://cjoint.com/?3Len54RFGfs

Merci

est2207

relance ad remover phase nettoyer

copies/colles C:\ad_reportCLEAN[1].txt

did80

Voilà le rapport obtenu après nettoyage !

http://cjoint.com/?3LexkEHhZpS

Merci !!!

est2207

fais ceci


Télécharges Malwarebytes version free
http://www.malwarebytes.org/products/malwarebytes_free

tu le mets a jour
scan complet

s’il trouve des infections important
coches les cases et supprimes la sélection

Copies colles le rapport

ps çà peut etre assez long

Coucou did80

Voilà le rapport obtenu :

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Version de la base de données: v2012.12.05.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Emac :: ESTELLE [administrateur]

05/12/2012 22:19:42
mbam-log-2012-12-05 (22-19-42).txt

Type d'examen: Examen complet (C:\|Q:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 387508
Temps écoulé: 3 heure(s), 1 minute(s), 17 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)


Ca me semble plutôt pas mal, non ?

est2207

dis moi comment va ton pc

toujours des problèmes

si c'est ok je te fais desinstaller les outils utilisés

a te lire

did80 !!!

Mon PC va bien mieux merci bcp de ton aide...

est2207



fais ceci

Télécharges delfix pour désinstaller les outils de désinfection qui ne vont plus te
Servir puisque mis a jour régulièrement

http://general-changelog-team.fr/telechargements/logiciels/viewdownload/75-ou(...)

fais la phase 1 recherche

copies/colles le rapport delfixsearch.txt

Coucou did80

Voilà le rapport obtenu :


# DelFix v6.2 - Rapport créé le 10/12/2012 à 10:54:59
# Mis à jour le 11/11/2012 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Nom d'utilisateur : Emac - ESTELLE
# Exécuté depuis : C:\Users\Emac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q5ZWYPSV\delfix.exe
# Option [Recherche]


~~~~~~ Dossier(s) ~~~~~~

Présent : C:\ZHP
Présent : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Présent : C:\Program Files\Ad-Remover
Présent : C:\Program Files\ZHPDiag

~~~~~~ Fichier(s) ~~~~~~

Présent : C:\Ad-Report-CLEAN[1].txt
Présent : C:\Ad-Report-SCAN[1].txt
Présent : C:\AdwCleaner[R1].txt
Présent : C:\AdwCleaner[S1].txt
Présent : C:\Users\Emac\Desktop\AD-R.lnk
Présent : C:\Users\Emac\Desktop\Ad-Report-SCAN[1].txt
Présent : C:\Users\Emac\Desktop\AdwCleaner[R1].txt
Présent : C:\Users\Emac\Desktop\AdwCleaner[S1].txt
Présent : C:\Users\Emac\Desktop\zhpdiag.htm
Présent : C:\Users\Emac\Desktop\ZHPDiag.txt
Présent : C:\Users\Emac\Desktop\ZHPDiag2
Présent : C:\Users\Emac\Desktop\ZHPFixReport.txt
Présent : C:\Users\Public\Desktop\MBRCheck.lnk
Présent : C:\Users\Public\Desktop\ZHPDiag.lnk
Présent : C:\Users\Public\Desktop\ZHPFix.lnk

~~~~~~ Registre ~~~~~~

Clé Présente : HKCU\Software\Ad-Remover
Clé Présente : HKLM\SOFTWARE\AdwCleaner
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~~~~~~ Autres ~~~~~~


*************************

DelFix[R1].txt - [1582 octets] - [10/12/2012 10:54:59]

########## EOF - C:\DelFix[R1].txt - [1706 octets] ##########

re est2207


relance le phase suppression



puis relance le pour le désinstaller


edites ton 1er message en cliquant sur le bouton modifier


marques résolu dans le titre


bon surf did80

ok ca marche
Merci encore pour tout !!!

de rien