Se connecter / S'enregistrer
Votre question

Probleme de page et pub qui s\'ouvre tout le temps

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
27 Juillet 2011 13:41:48

Slt tout le monde alors voilà mon problème depuis quelques jours je n'arrête pas d'avoir des page de pub qui viennent sur mon écran quand je clic sur n'importe qu'elle page internet j'ai essayer de nettoyer tout ça avec spybot et malware-byte mais rien n'y fait help please je met ci-dessous un rapport hijackthis au cas où ça pourrait aider quelqu'un merci à tout ceux qui pourront m'aider....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:51:14, on 27/07/2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\julien\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://badoo.com/startpage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par 01net.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3922127452-4138486466-3243646388-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3922127452-4138486466-3243646388-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: OneNote 2010 - Capture d’écran et lancement.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: S&end to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6834E7A-1E5A-46AC-A1A1-E84A105AE613}: NameServer = 85.17.255.198,46.19.33.120
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Ave's 7StartButton Changer - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
O23 - Service: BitDefender Serveur Arrakis (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) - Unknown owner - C:\Windows\Installer\MSIC02D.tmp
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

--
End of file - 8936 bytes

Autres pages sur : probleme page pub ouvre temps

27 Juillet 2011 13:55:46

salut essaie de desinstaller autocompletePro c'est à cause de lui
tu peux aussi desinstaller Spybot il sert plus à grand chose et lourd pour le systeme pour detecter trois cookies....bref

Télécharge ici : http://www.teamxscript.org/adremoverTelechargement.html Ad-remover sur ton bureau :

Déconnecte toi et ferme toutes applications en cours !

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."


sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .

clique le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .

Au menu principal choisis "option Nettoyer" et tape sur [entrée] .

Laisse travailler l'outil et ne touche à rien ...

Poste le rapport qui apparait à la fin , sur le forum ...

( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
27 Juillet 2011 14:16:22

slt merci de me venir en aide, donc j'ai viré autocompletepro mais le problème persiste. Voici le rapport de ad-remover.

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 14:07:50 le 27/07/2011, Mode normal

Microsoft Windows 7 Édition Intégrale Service Pack 1 (X86)
julien@JULIEN-PC (Hewlett-Packard HP Pavilion dv7 Notebook PC)

============== ACTION(S) ==============


Fichier supprimé: C:\Users\julien\AppData\Roaming\Mozilla\FireFox\Profiles\s3hs3ys2.default\searchplugins\cherche.xml
Dossier supprimé: C:\Users\julien\AppData\Roaming\Mozilla\FireFox\Profiles\s3hs3ys2.default\conduit
Dossier supprimé: C:\Users\julien\AppData\Roaming\Mozilla\FireFox\Profiles\s3hs3ys2.default\ConduitEngine
Dossier supprimé: C:\Users\julien\AppData\Roaming\Mozilla\FireFox\Profiles\s3hs3ys2.default\extensions\engine@conduit.com
Fichier supprimé: C:\Users\julien\scriptjava.html
Fichier supprimé: C:\Users\julien\tmp1.7
Dossier supprimé: C:\Program Files\AutocompletePro

(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Users\julien\AppData\Roaming\Mozilla\FireFox\Profiles\s3hs3ys2.default\Prefs.js --
Ligne supprimée: user_pref("CT2597971.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT259...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=909619&fid=905414", "\"0\""...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=990808&fid=986529", "\"0\""...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/FR", "\"0\"")...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/990808/986529/FR", "\"0\"")...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2597971", ...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"806ea5694d2ecb...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2597971&octid=...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Crystal/minimize.g...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Crystal/play.gif",...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Crystal/stop.gif",...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Crystal/stopped.GI...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Crystal/vol.gif", ...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=fr", "\"634...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/133041425.xml", "\"b537453cc4cd41b28c...
Ligne supprimée: user_pref("CommunityToolbar.EngineOwner", "CT2597971");
Ligne supprimée: user_pref("CommunityToolbar.EngineOwnerGuid", "{46a732b6-2d33-4501-9b39-c4a5c257a4f6}");
Ligne supprimée: user_pref("CommunityToolbar.EngineOwnerToolbarId", "ed2kbt");
Ligne supprimée: user_pref("CommunityToolbar.IsEngineShown", true);
Ligne supprimée: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2597971");
Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{46a732b6-2d33-4501-9b39-c4a5c257a4f6}");
Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "ed2kbt");
Ligne supprimée: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.google.com/search?sourceid=na...
Ligne supprimée: user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2597971");
Ligne supprimée: user_pref("CommunityToolbar.ToolbarsList2", "CT2597971");
Ligne supprimée: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Jun 03 2011 19:43:50 GMT+02...
Ligne supprimée: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Ligne supprimée: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jun 23 2011 13:01:54 GMT+0200");
Ligne supprimée: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Ligne supprimée: user_pref("CommunityToolbar.alert.locale", "en");
Ligne supprimée: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Ligne supprimée: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 21:39:33 GMT+0200");
Ligne supprimée: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Ligne supprimée: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Ligne supprimée: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Ligne supprimée: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Ligne supprimée: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Ligne supprimée: user_pref("CommunityToolbar.alert.userId", "c361eba5-7bfc-43a4-959b-cf517e6247df");
Ligne supprimée: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Oct 14 2010 20:38:56 GMT+0200");
Ligne supprimée: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Ligne supprimée: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Ligne supprimée: user_pref("CommunityToolbar.twitter.user_133041425.LastCheckTime", "Thu Oct 14 2010 20:38:58 GMT+020...
Ligne supprimée: user_pref("ConduitEngine.FirstServerDate", "10/14/2010 21");
Ligne supprimée: user_pref("ConduitEngine.FirstTime", true);
Ligne supprimée: user_pref("ConduitEngine.FirstTimeFF3", true);
Ligne supprimée: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Ligne supprimée: user_pref("ConduitEngine.Initialize", true);
Ligne supprimée: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Ligne supprimée: user_pref("ConduitEngine.InstalledDate", "Thu Oct 14 2010 20:38:55 GMT+0200");
Ligne supprimée: user_pref("ConduitEngine.IsMulticommunity", false);
Ligne supprimée: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Ligne supprimée: user_pref("ConduitEngine.IsOpenUninstallPage", true);
Ligne supprimée: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Thu Oct 14 2010 20:38:55 GMT+0200");
Ligne supprimée: user_pref("ConduitEngine.LastLogin_3.2.1.3", "Thu Oct 14 2010 20:38:55 GMT+0200");
Ligne supprimée: user_pref("ConduitEngine.PublisherContainerWidth", 0);
Ligne supprimée: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Ligne supprimée: user_pref("ConduitEngine.SettingsLastCheckTime", "Thu Oct 14 2010 20:38:54 GMT+0200");
Ligne supprimée: user_pref("ConduitEngine.UserID", "UN65424942187809136");
Ligne supprimée: user_pref("ConduitEngine.engineLocale", "fr");
Ligne supprimée: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Thu Oct 14 2010 20:38:55 GMT+0200");
Ligne supprimée: user_pref("ConduitEngine.initDone", true);
-- Fichier Fermé --


Clé supprimée: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Clé supprimée: HKCU\Software\AutocompleteProBHO

Valeur supprimée: HKLM\Software\Mozilla\Firefox\Extensions|support@predictad.com
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [5.0 (fr)] ****

HKLM_MozillaPlugins\@innoplus.de/ino3DViewer (x)
HKLM_MozillaPlugins\Adobe Reader (x)
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)
Extensions\quickstores@quickstores.de (QuickStores-Toolbar)
Extensions\toolbar@iadah.com (Toolbar Iadah)
Extensions - "{AB2CE124-6272-4b12-94A9-7303C7397BD1}" (?)
HKLM_Extensions|FFToolbar@bitdefender.com - C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
HKLM_Extensions|otis@digitalpersona.com - C:\Program Files\DigitalPersona\Bin\FirefoxExt\
HKCU_Extensions|otis@digitalpersona.com - C:\Program Files\DigitalPersona\Bin\firefoxext

-- C:\Users\julien\AppData\Roaming\Mozilla\FireFox\Profiles\s3hs3ys2.default --
Extensions\illimitux@illimitux.net (Illimitux)
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Extensions\{46a732b6-2d33-4501-9b39-c4a5c257a4f6} (ed2kbt Community Toolbar)
Extensions\{b66bc4c3-6d25-4a10-8c59-01daa9063051} (FoxGame)
Searchplugins\badoo.xml (hxxp://badoo.com/startpage/)
Prefs.js - browser.download.lastDir, C:\\Users\\julien\\Desktop
Prefs.js - browser.search.defaultenginename, Search
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage, hxxp://www.google.fr/
Prefs.js - browser.startup.homepage_override.buildID, 20110615151330
Prefs.js - browser.startup.homepage_override.mstone, rv:5.0
Prefs.js - keyword.URL, hxxp://badoo.com/startpage/?source=bsb&q=

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B} - "Search" (hxxp://badoo.com/startpage/?source=bsb&q={searchTerms})
HKLM_Toolbar|{381FFDE8-2394-4f90-B10D-FC6124A40F8C} (C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll)
HKLM_Toolbar|{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} (x)
HKCU_ElevationPolicy\{D3DE705E-0BB6-47E6-AB61-6FF78BE040A0} - C:\Program Files\Internet Explorer\minftnet.exe (Synersoft)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197BE6} - C:\Program Files\BitDefender\BitDefender 2010\about.exe\about.ex (x)
HKLM_ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197BE7} - WindowsFolder\hh.exe (x)
BHO\{395610AE-C624-4f58-B89E-23733EA00F9A} - "DigitalPersona Personal Extension" (C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 72 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 27/07/2011 14:08:53 (11425 Octet(s))

Fin à: 14:09:44, 27/07/2011

============== E.O.F ==============
Contenus similaires
27 Juillet 2011 14:19:56

bien

Télécharge ici : http://www.itxassociates.com/OT-Tools/OTL.exe OTL

enregistre le sur ton Bureau.

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."


sur OTL.exe pour le lancer.

Coche les 2 cases Lop et Purity

Coche la case devant tous les utilisateurs

règle age du fichier sur "60 jours"

dans la moitié gauche , mets tout sur "tous"

ne modifie pas ceci :

"fichiers créés" et "fichiers Modifiés"


Clic sur Analyse.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

NE LE POSTE PAS SUR LE FORUM (trop long)

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

Clique sur Parcourir et cherche le fichier ci-dessus.

Clique sur Ouvrir.

Clique sur "Cliquez ici pour déposer le fichier".

juste au niveau du bouton , en fin de chargement du fichier , Un lien de cette forme apparaitra :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5f...

Copie ce lien dans ta réponse.

Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.
27 Juillet 2011 15:05:17

desinstalle Spybot Search and Destroy devenu obsolète

==============================

Fais analyser le(s) fichier(s) suivants sur Virustotal :

[http://www.virustotal.com/index.html Virus Total ]

clique sur "Parcourir" et trouve puis selectionne ce(s) fichier(s) :

C:\Users\julien\Desktop\EPSXE\ePSXe.exe

  • Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
  • Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
  • Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.


  • =================================

    ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !!

    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "executer en tant que...."


    sur OTL.exe pour le lancer.


    Copie la liste qui se trouve en gras ci-dessous,

    colle-la dans la zone sous "Personnalisation" :


    :p rocesses
    explorer.exe
    iexplore.exe
    firefox.exe
    msnmsgr.exe
    Teatimer.exe

    :Services
    Bonjour Service

    :o TL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-3922127452-4138486466-3243646388-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: toolbar@iadah.com:1.04
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    [2010/11/11 01:31:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    [2010/11/11 01:34:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/03 13:43:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/02/26 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/27 17:40:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. => Toolbar.QuickStores
    O4 - Startup: C:\Users\julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 - Capture d’écran et lancement.lnk.disabled ()
    O15 - HKU\S-1-5-21-3922127452-4138486466-3243646388-1000\..Trusted Domains: chat-land.org ([]* in Trusted sites)


    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"=-

    :Files
    C:\Users\julien\AppData\Local\{*}
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
    C:\Windows\System32\phar_*.dat
    C:\Windows\System32\pcwords2.dat
    C:\Windows\System32\pc_*.dat
    C:\Windows\System32\pcwords.dat
    C:\Windows\System32\wsbl.dat
    C:\Windows\System32\ph_*.dat
    C:\Windows\System32\rezumatenoi.dat
    C:\Users\julien\AppData\Roaming\cacaoweb

    :commands
    [resethosts]
    [CLEARALLRESTOREPOINTS]
    [emptytemp]
    [start explorer]
    [reboot]


    Clique sur "Correction" pour lancer la suppression.


    Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.
    27 Juillet 2011 15:34:44

    Voila pour l'analyse virus total

    http://www.virustotal.com/file-scan/report.html?id=333d...

    et voila le rapport OTL

    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    No active process named iexplore.exe was found!
    No active process named firefox.exe was found!
    No active process named msnmsgr.exe was found!
    No active process named Teatimer.exe was found!
    ========== SERVICES/DRIVERS ==========
    Error: No service named Bonjour Service was found to stop!
    Service\Driver key Bonjour Service not found.
    ========== OTL ==========
    Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    HKU\S-1-5-21-3922127452-4138486466-3243646388-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Prefs.js: support@predictad.com:1.11 removed from extensions.enabledItems
    Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
    Prefs.js: toolbar@iadah.com:1.04 removed from extensions.enabledItems
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found.
    C:\Users\julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 - Capture d’écran et lancement.lnk.disabled moved successfully.
    Registry key HKEY_USERS\S-1-5-21-3922127452-4138486466-3243646388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\chat-land.org\ deleted successfully.
    ========== REGISTRY ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM deleted successfully.
    ========== FILES ==========
    C:\Users\julien\AppData\Local\{EE5012F0-4BDA-4DF9-8F19-12F6F2DE9DB5} folder moved successfully.
    C:\Users\julien\AppData\Local\{FA70908E-1285-4F98-9A24-A08FCD59A8CB} folder moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911\Duke Nukem Forever folder moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911 folder moved successfully.
    C:\Windows\System32\phar_histprot.dat moved successfully.
    C:\Windows\System32\phar_unmip.dat moved successfully.
    C:\Windows\System32\pcwords2.dat moved successfully.
    C:\Windows\System32\pc_drugs.dat moved successfully.
    C:\Windows\System32\pc_gambling.dat moved successfully.
    C:\Windows\System32\pc_games.dat moved successfully.
    C:\Windows\System32\pc_hate.dat moved successfully.
    C:\Windows\System32\pc_illegal.dat moved successfully.
    C:\Windows\System32\pc_im.dat moved successfully.
    C:\Windows\System32\pc_news.dat moved successfully.
    C:\Windows\System32\pc_onlinedating.dat moved successfully.
    C:\Windows\System32\pc_onlinepay.dat moved successfully.
    C:\Windows\System32\pc_onlineshop.dat moved successfully.
    C:\Windows\System32\pc_pornography.dat moved successfully.
    C:\Windows\System32\pc_regionaltlds.dat moved successfully.
    C:\Windows\System32\pc_searchengines.dat moved successfully.
    C:\Windows\System32\pc_socialnetworks.dat moved successfully.
    C:\Windows\System32\pc_tabloids.dat moved successfully.
    C:\Windows\System32\pc_video.dat moved successfully.
    C:\Windows\System32\pc_webproxy.dat moved successfully.
    C:\Windows\System32\pcwords.dat moved successfully.
    C:\Windows\System32\wsbl.dat moved successfully.
    C:\Windows\System32\ph_black.dat moved successfully.
    C:\Windows\System32\ph_summ.dat moved successfully.
    C:\Windows\System32\ph_white.dat moved successfully.
    C:\Windows\System32\rezumatenoi.dat moved successfully.
    C:\Users\julien\AppData\Roaming\cacaoweb folder moved successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully


    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: julien
    ->Temp folder emptied: 2949781 bytes
    ->Temporary Internet Files folder emptied: 191545 bytes
    ->Java cache emptied: 4471120 bytes
    ->FireFox cache emptied: 104527266 bytes
    ->Google Chrome cache emptied: 5050736 bytes
    ->Flash cache emptied: 1437 bytes

    User: Public

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 9680621 bytes

    Total Files Cleaned = 121,00 mb


    OTL by OldTimer - Version 3.2.26.1 log created on 07272011_152558

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    27 Juillet 2011 16:08:24

    Apparemment le problème a été réglé par la correction de OTL je n'ai plus de page pub.
    Merci pour votre aide c'est sympa et bonne continuation.
    27 Juillet 2011 19:20:32

    re

    c'est pas fini merci de rester jusqu'à la fin sinon c'est inutile

    il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.



    Télécharge ici :

    http://www.malwarebytes.org/mbam.php Malwarebytes

    Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour

    (NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : http://www.malekal.com/download/comctl32.ocx


    ( cela dit, il est très simple d'utilisation ).

    relance malwarebytes en suivant scrupuleusement ces consignes :

    ! Déconnecte toi et ferme toutes applications en cours !

    Lance Malwarebyte's .

    Fais un examen dit "Complet" .

    Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
    à la fin tu cliques sur "résultat" .
    Vérifie que tous les objets infectés soient validés, puis clique sur " suppression" .

    Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !


    Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS