(solved) help with searchqu.com/406

30 November 2011 00:32:05

I caught this virus. I deleted the ilivid file but nothing works, it keeps coming back. Thanks for your help. I ran a scan with AD. Thanks in advance, aurelie

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [3]) -> Launched at 00:29:15 on 30/11/2011, Normal boot

Microsoft Windows 7 Édition Intégrale Service Pack 1 (X86)
aurelie@AURELIE-PC (Acer Aspire M1610)

============== SEARCH ==============


Folder found: C:\Users\aurelie\AppData\Roaming\Mozilla\FireFox\Profiles\oplmp0v5.default\extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Folder found: C:\Users\aurelie\AppData\Local\Conduit
Folder found: C:\Users\aurelie\AppData\LocalLow\Conduit
Folder found: C:\Users\aurelie\AppData\Roaming\OfferBox

-- File opened: C:\Users\aurelie\AppData\Roaming\Mozilla\FireFox\Profiles\oplmp0v5.default\Prefs.js --
Line found: user_pref("CT2724386.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272...
Line found: user_pref("CT2724386.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2724386&SearchSource=13");
Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1116652/1112356/FR", "\"0\"...
Line found: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2724386", ...
Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...
Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...
Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...
Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...
Line found: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
Line found: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7....
Line found: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2724386",...
Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2724386&octid=...
Line found: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"c88...
Line found: user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\aurelie\\AppData\\Roaming\\Mozilla\...
Line found: user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
Line found: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredimail.com/mb77/?loc...
Line found: user_pref("CommunityToolbar.ToolbarsList", "CT2724386");
Line found: user_pref("CommunityToolbar.ToolbarsList2", "CT2724386");
Line found: user_pref("CommunityToolbar.ToolbarsList4", "CT2724386");
Line found: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Oct 23 2011 22:12:01 GMT+0200");
Line found: user_pref("CommunityToolbar.globalUserId", "4bc14412-34ff-4e6a-a01c-a9cfb25382b6");
Line found: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line found: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line found: user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Oct 23 2011 22:11:5...
Line found: user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line found: user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Oct 24 2011 09:22:34 GMT+020...
Line found: user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line found: user_pref("CommunityToolbar.notifications.locale", "en");
Line found: user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line found: user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Oct 23 2011 22:11:50 GMT+0200");
Line found: user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line found: user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line found: user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line found: user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line found: user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line found: user_pref("CommunityToolbar.notifications.userId", "b61cbd73-9943-4343-8e4f-5f5f3c0d0c42");
Line found: user_pref("CommunityToolbar.originalHomepage", "hxxp://mystart.incredimail.com/mb77?a=6OyhwyhY0s");
Line found: user_pref("CommunityToolbar.originalSearchEngine", "MyStart Search");
Line found: user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/406");
-- File closed --


Key found: HKLM\Software\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}
Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079a25-328f-4bd4-be04-00955acaa0a7}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079a25-328f-4bd4-be04-00955acaa0a7}
Key found: HKLM\Software\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}
Key found: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key found: HKLM\Software\Classes\Toolbar.CT2724386
Key found: HKLM\Software\Conduit
Key found: HKLM\Software\DataMngr
Key found: HKLM\Software\OfferBox
Key found: HKLM\Software\SearchquMediabarTb
Key found: HKCU\Software\DataMngr
Key found: HKCU\Software\OfferBox
Key found: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Value found: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DataMngr


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [8.0 (fr)] ****

Plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
HKLM_MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0 (x)
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Searchplugins\Search_Results.xml ( hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q={searchTerms}/)
Components\browsercomps.dll (Mozilla Foundation)

-- C:\Users\aurelie\AppData\Roaming\Mozilla\FireFox\Profiles\oplmp0v5.default --
Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} (Searchqu Toolbar)
Searchplugins\Search_Results.xml ( hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q={searchTerms}/)
Prefs.js - browser.search.defaultenginename, Search Results
Prefs.js - browser.search.selectedEngine, Search Results
Prefs.js - browser.startup.homepage, hxxp://www.searchqu.com/406
Prefs.js - browser.startup.homepage_override.buildID, 20111104165243
Prefs.js - browser.startup.homepage_override.mstone, rv:8.0
Prefs.js - keyword.URL, hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=

========================================

**** Internet Explorer Version [8.0.7601.17514] ****

HKCU_Main|Start Page - hxxp://www.google.fr/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU_URLSearchHooks|{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} (x)
HKCU_SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - "Search Results" (hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTe...)
HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "?" (?)
HKLM_SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - "Search Results" (hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTe...)
HKLM_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "IncrediMail MediaBar 2 Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
HKLM_Toolbar|{99079a25-328f-4bd4-be04-00955acaa0a7} (C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll)
HKCU_ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} - C:\Users\aurelie\AppData\Local\Google\Chrome\Application\14.0.835.202\chrome_launcher.exe (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\uninstall.exe (?)
HKLM_ElevationPolicy\{B4256A73-837C-4195-BD10-0ADEE51BEFF6} - C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe (x)
HKLM_ElevationPolicy\{DD7B17A8-55C0-4AA2-90A5-16621F368CAB} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\dtUser.exe (Visicom Media Inc.)
HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "@C:\Windows\WindowsMobile\INetRepl.dll,-222" (C:\Windows\WindowsMobile\INetRepl.dll,210)
HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?)
BHO\{99079a25-328f-4bd4-be04-00955acaa0a7} - "Searchqu Toolbar" (C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll)
BHO\{9D717F81-9148-4f12-8568-69135F087DB0} - "DataMngr" (C:\PROGRA~1\WI3C8A~1\Datamngr\BROWSE~1.DLL)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 2 File(s)

C:\Ad-Report-SCAN[1].txt - 29/11/2011 19:48:10 (9820 Byte(s))
C:\Ad-Report-SCAN[2].txt - 30/11/2011 00:15:44 (9942 Byte(s))
C:\Ad-Report-SCAN[3].txt - 30/11/2011 00:29:20 (9959 Byte(s))

End at: 00:30:17, 30/11/2011

============== E.O.F ==============

30 November 2011 09:09:20

Hello,

Run Ad-Remover again with the Clean (Nettoyage) option and post the Ad-Report-CLEAN.txt report.

Ad-Remover is no longer updated, so we will also use another tool.

---------------------------------------------------------------------------------------------

AdwCleaner - Deletion:

  • On this page, download AdwCleaner by Xplode by clicking the Download button and save the file to your Desktop
  • Close all applications, including your browser
  • Double-click the AdwCleaner0.exe icon to start the installation
    /!\ On Vista and Windows 7, launch the file with right-click -> Run as administrator
  • In the main menu, click Delete (Suppression) and wait while the scan runs
  • When the scan finishes, an AdwCleaner-S.txt report opens. Post the contents of this report in your next reply
    The report is located at C:\AdwCleaner-S.txt

---------------------------------------------------------------------------------------------

Next we will run a diagnostic with this tool; follow the instructions carefully:

OTL:

  • Download OTL by Old_Timer and save it to the Desktop
  • Close all other windows and double-click OTL.exe
    /!\ On Vista and Windows 7, launch the file with right-click -> Run as administrator
  • Make sure the boxes All users (Tous les utilisateurs), Lop check (Recherche Lop) and Purity check (Recherche Purity) are ticked
  • In the Custom (Personnalisation) box, copy and paste all of the following
      netsvcs
      msconfig
      activex
      drivers32
      /md5start
      explorer.exe
      wininit.exe
      winlogon.exe
      userinit.exe
      svchost.exe
      /md5stop
      %SYSTEMDRIVE%\*.exe
      %ALLUSERSPROFILE%\Application Data\*.
      %ALLUSERSPROFILE%\Application Data\*.exe /s
      %APPDATA%\*.
      %APPDATA%\*.exe /s
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      hklm\system\CurrentControlSet\Control\Session Manager\SubSystems /s
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      nslookup http://www.google.fr /c
      CREATERESTOREPOINT

  • Then click Scan (Analyse) and wait while the scan runs
  • When the scan finishes, the OTL.txt and Extras.txt reports are displayed. The reports are saved on the Desktop.
  • As the reports are too long for the forum, host them on pjjoint.fr and give the links provided in your reply.

----------------------------------------------------------------------------------------------

The expected reports are:
  • Ad-Report-CLEAN.txt
  • AdwCleaner-S.txt
  • links to OTL.txt and Extras.txt

See you later

30 November 2011 09:58:38

Hello and thanks for your help. Attached is the 1st report (the 1st because I ran it twice; I couldn't find where the file was stored, I found it afterwards) from Ad-Remover with the clean option. The rest will follow. I should mention, I don't know if it matters: Mozilla. Thanks

    ======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

    Updated by TeamXscript on 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    website: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 09:44:58 on 30/11/2011, Normal boot

    Microsoft Windows 7 Édition Intégrale Service Pack 1 (X86)
    aurelie@AURELIE-PC (Acer Aspire M1610)

    ============== ACTION(S) ==============


    Folder deleted: C:\Users\aurelie\AppData\Roaming\Mozilla\FireFox\Profiles\oplmp0v5.default\extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Folder deleted: C:\Users\aurelie\AppData\Local\Conduit
    Folder deleted: C:\Users\aurelie\AppData\LocalLow\Conduit
    Folder deleted: C:\Users\aurelie\AppData\Roaming\OfferBox

    (!) -- Temporary files deleted.


    -- File opened: C:\Users\aurelie\AppData\Roaming\Mozilla\FireFox\Profiles\oplmp0v5.default\Prefs.js --
    Line deleted: user_pref("CT2724386.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272...
    Line deleted: user_pref("CT2724386.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2724386&SearchSource=13");
    Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1116652/1112356/FR", "\"0\"...
    Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2724386", ...
    Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...
    Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...
    Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...
    Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...
    Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
    Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7....
    Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2724386",...
    Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2724386&octid=...
    Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"c88...
    Line deleted: user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\aurelie\\AppData\\Roaming\\Mozilla\...
    Line deleted: user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
    Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredimail.com/mb77/?loc...
    Line deleted: user_pref("CommunityToolbar.ToolbarsList", "CT2724386");
    Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT2724386");
    Line deleted: user_pref("CommunityToolbar.ToolbarsList4", "CT2724386");
    Line deleted: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Oct 23 2011 22:12:01 GMT+0200");
    Line deleted: user_pref("CommunityToolbar.globalUserId", "4bc14412-34ff-4e6a-a01c-a9cfb25382b6");
    Line deleted: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Line deleted: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Line deleted: user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Oct 23 2011 22:11:5...
    Line deleted: user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
    Line deleted: user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Oct 24 2011 09:22:34 GMT+020...
    Line deleted: user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Line deleted: user_pref("CommunityToolbar.notifications.locale", "en");
    Line deleted: user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
    Line deleted: user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Oct 23 2011 22:11:50 GMT+0200");
    Line deleted: user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
    Line deleted: user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
    Line deleted: user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Line deleted: user_pref("CommunityToolbar.notifications.showTrayIcon", false);
    Line deleted: user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
    Line deleted: user_pref("CommunityToolbar.notifications.userId", "b61cbd73-9943-4343-8e4f-5f5f3c0d0c42");
    Line deleted: user_pref("CommunityToolbar.originalHomepage", "hxxp://mystart.incredimail.com/mb77?a=6OyhwyhY0s");
    Line deleted: user_pref("CommunityToolbar.originalSearchEngine", "MyStart Search");
    Line deleted: user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/406");
    -- File closed --


    Key deleted: HKLM\Software\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}
    Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}
    Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}
    Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079a25-328f-4bd4-be04-00955acaa0a7}
    Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079a25-328f-4bd4-be04-00955acaa0a7}
    Key deleted: HKLM\Software\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}
    Key deleted: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key deleted: HKLM\Software\Classes\Toolbar.CT2724386
    Key deleted: HKLM\Software\Conduit
    Key deleted: HKLM\Software\DataMngr
    Key deleted: HKLM\Software\OfferBox
    Key deleted: HKLM\Software\SearchquMediabarTb
    Key deleted: HKCU\Software\DataMngr
    Key deleted: HKCU\Software\OfferBox
    Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

    Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DataMngr


    ============== ADDITIONNAL SCAN ==============

    **** Mozilla Firefox Version [8.0 (fr)] ****

    Plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
    HKLM_MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0 (x)
    Searchplugins\bing.xml ( hxxp://www.bing.com/search)
    Searchplugins\Search_Results.xml ( hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q={searchTerms}/)
    Components\browsercomps.dll (Mozilla Foundation)

    -- C:\Users\aurelie\AppData\Roaming\Mozilla\FireFox\Profiles\oplmp0v5.default --
    Searchplugins\Search_Results.xml ( hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q={searchTerms}/)
    Prefs.js - browser.search.defaultenginename, Search Results
    Prefs.js - browser.search.selectedEngine, Search Results
    Prefs.js - browser.startup.homepage_override.buildID, 20111104165243
    Prefs.js - browser.startup.homepage_override.mstone, rv:8.0
    Prefs.js - keyword.URL, hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=

    ========================================

    **** Internet Explorer Version [8.0.7601.17514] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_URLSearchHooks|{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} (x)
    HKCU_SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - "Search Results" (hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTe...)
    HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "?" (?)
    HKLM_SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - "Search Results" (hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTe...)
    HKLM_Toolbar|{99079a25-328f-4bd4-be04-00955acaa0a7} (x)
    HKCU_ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} - C:\Users\aurelie\AppData\Local\Google\Chrome\Application\14.0.835.202\chrome_launcher.exe (x)
    HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)
    HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
    HKLM_ElevationPolicy\{B4256A73-837C-4195-BD10-0ADEE51BEFF6} - C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe (x)
    HKLM_ElevationPolicy\{DD7B17A8-55C0-4AA2-90A5-16621F368CAB} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\dtUser.exe (Visicom Media Inc.)
    HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "@C:\Windows\WindowsMobile\INetRepl.dll,-222" (C:\Windows\WindowsMobile\INetRepl.dll,210)
    HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?)
    BHO\{9D717F81-9148-4f12-8568-69135F087DB0} - "DataMngr" (C:\PROGRA~1\WI3C8A~1\Datamngr\BROWSE~1.DLL)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 457 File(s)
    C:\Program Files\Ad-Remover\Backup: 17 File(s)

    C:\Ad-Report-CLEAN[1].txt - 30/11/2011 09:45:21 (9688 Byte(s))
    C:\Ad-Report-SCAN[1].txt - 29/11/2011 19:48:10 (9820 Byte(s))
    C:\Ad-Report-SCAN[2].txt - 30/11/2011 00:15:44 (9942 Byte(s))
    C:\Ad-Report-SCAN[3].txt - 30/11/2011 00:29:20 (10097 Byte(s))

    End at: 09:46:39, 30/11/2011

    ============== E.O.F ==============
30 November 2011 10:08:28

Here is the AdwCleaner report
    # AdwCleaner v1.319 - Logfile created 11/30/2011 at 10:02:41
    # Updated 11/20/11 at 11:00a.m by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
    # User : aurelie - AURELIE-PC (Administrator)
    # Running from : C:\Users\aurelie\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\ProgramData\~0
    Folder Deleted : C:\Program Files\Windows iLivid Toolbar
    Folder Deleted : C:\Users\aurelie\AppData\Roaming\Mozilla\Firefox\Profiles\oplmp0v5.default\ConduitCommon
    Folder Deleted : C:\Users\aurelie\AppData\Roaming\Mozilla\Firefox\Profiles\oplmp0v5.default\searchqutoolbar

    ***** [Registry] *****

    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
    Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079a25-328f-4bd4-be04-00955acaa0a7}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    Registry is OK.

    -\\ Mozilla Firefox v8.0 (fr)

    Profile : oplmp0v5.default
    File : C:\Users\aurelie\AppData\Roaming\Mozilla\Firefox\Profiles\oplmp0v5.default\prefs.js

    Deleted : user_pref("CT2724386..clientLogIsEnabled", true);
    Deleted : user_pref("CT2724386..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Deleted : user_pref("CT2724386..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Deleted : user_pref("CT2724386.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_129464706887642629", true);
    Deleted : user_pref("CT2724386.CT2724407.CommunityChanged", true);
    Deleted : user_pref("CT2724386.CT2724407.alertChannelId", "1116673");
    Deleted : user_pref("CT2724386.CT2724431.CommunityChanged", true);
    Deleted : user_pref("CT2724386.CT2724431.alertChannelId", "1116697");
    Deleted : user_pref("CT2724386.CT2727162.CommunityChanged", true);
    Deleted : user_pref("CT2724386.CT2727162.alertChannelId", "1119424");
    Deleted : user_pref("CT2724386.CT2727622.CommunityChanged", true);
    Deleted : user_pref("CT2724386.CT2727622.alertChannelId", "1119884");
    Deleted : user_pref("CT2724386.CT2727646.CommunityChanged", true);
    Deleted : user_pref("CT2724386.CT2727646.alertChannelId", "1119908");
    Deleted : user_pref("CT2724386.CT2727678.CommunityChanged", true);
    Deleted : user_pref("CT2724386.CT2727678.alertChannelId", "1119940");
    Deleted : user_pref("CT2724386.CT2727750.CommunityChanged", true);
    Deleted : user_pref("CT2724386.CT2727750.alertChannelId", "1120012");
    Deleted : user_pref("CT2724386.CTID", "CT2724386");
    Deleted : user_pref("CT2724386.CommunitiesChangesLastCheckTime", "Mon Oct 24 2011 09:22:26 GMT+0200");
    Deleted : user_pref("CT2724386.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
    Deleted : user_pref("CT2724386.CommunityChanged", true);
    Deleted : user_pref("CT2724386.CurrentServerDate", "24-10-2011");
    Deleted : user_pref("CT2724386.DSInstall", true);
    Deleted : user_pref("CT2724386.DialogsAlignMode", "LTR");
    Deleted : user_pref("CT2724386.DialogsGetterLastCheckTime", "Sun Oct 23 2011 22:11:54 GMT+0200");
    Deleted : user_pref("CT2724386.DownloadReferralCookieData", "");
    Deleted : user_pref("CT2724386.FirstServerDate", "23-10-2011");
    Deleted : user_pref("CT2724386.FirstTime", true);
    Deleted : user_pref("CT2724386.FirstTimeFF3", true);
    Deleted : user_pref("CT2724386.FixPageNotFoundErrors", false);
    Deleted : user_pref("CT2724386.GroupingLastCheckTime", "Sun Oct 23 2011 22:11:51 GMT+0200");
    Deleted : user_pref("CT2724386.GroupingLastErrorCode", "");
    Deleted : user_pref("CT2724386.GroupingLastResponse", true);
    Deleted : user_pref("CT2724386.GroupingLastServerUpdateTime", "129633391680000000");
    Deleted : user_pref("CT2724386.GroupingServerCheckInterval", 1440);
    Deleted : user_pref("CT2724386.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Deleted : user_pref("CT2724386.HPInstall", false);
    Deleted : user_pref("CT2724386.HasUserGlobalKeys", true);
    Deleted : user_pref("CT2724386.HomePageProtectorEnabled", false);
    Deleted : user_pref("CT2724386.HomepageBeforeUnload", "hxxp://mystart.incredimail.com/mb77?a=6OyhwyhY0s");
    Deleted : user_pref("CT2724386.Initialize", true);
    Deleted : user_pref("CT2724386.InitializeCommonPrefs", true);
    Deleted : user_pref("CT2724386.InstallationAndCookieDataSentCount", 2);
    Deleted : user_pref("CT2724386.InstallationId", "ConduitStubGeneric");
    Deleted : user_pref("CT2724386.InstallationType", "ConduitStubIntegration");
    Deleted : user_pref("CT2724386.InstalledDate", "Sun Oct 23 2011 22:11:53 GMT+0200");
    Deleted : user_pref("CT2724386.InvalidateCache", false);
    Deleted : user_pref("CT2724386.IsAlertDBUpdated", true);
    Deleted : user_pref("CT2724386.IsGrouping", true);
    Deleted : user_pref("CT2724386.IsInitSetupIni", true);
    Deleted : user_pref("CT2724386.IsMulticommunity", false);
    Deleted : user_pref("CT2724386.IsOpenThankYouPage", false);
    Deleted : user_pref("CT2724386.IsOpenUninstallPage", true);
    Deleted : user_pref("CT2724386.LanguagePackLastCheckTime", "Sun Oct 23 2011 22:12:01 GMT+0200");
    Deleted : user_pref("CT2724386.LanguagePackReloadIntervalMM", 1440);
    Deleted : user_pref("CT2724386.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref("CT2724386.LastLogin_3.7.0.6", "Mon Oct 24 2011 09:22:26 GMT+0200");
    Deleted : user_pref("CT2724386.LatestVersion", "3.7.0.6");
    Deleted : user_pref("CT2724386.Locale", "en");
    Deleted : user_pref("CT2724386.MCDetectTooltipHeight", "83");
    Deleted : user_pref("CT2724386.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Deleted : user_pref("CT2724386.MCDetectTooltipWidth", "295");
    Deleted : user_pref("CT2724386.MyStuffEnabledAtInstallation", true);
    Deleted : user_pref("CT2724386.OriginalFirstVersion", "3.7.0.6");
    Deleted : user_pref("CT2724386.RadioIsPodcast", false);
    Deleted : user_pref("CT2724386.RadioLastCheckTime", "Sun Oct 23 2011 22:11:56 GMT+0200");
    Deleted : user_pref("CT2724386.RadioLastUpdateIPServer", "3");
    Deleted : user_pref("CT2724386.RadioLastUpdateServer", "129249036863500000");
    Deleted : user_pref("CT2724386.RadioMediaID", "21080102");
    Deleted : user_pref("CT2724386.RadioMediaType", "Media Player");
    Deleted : user_pref("CT2724386.RadioMenuSelectedID", "EBRadioMenu_CT272438621080102");
    Deleted : user_pref("CT2724386.RadioShrinkedFromSetup", false);
    Deleted : user_pref("CT2724386.RadioStationName", "Mix%201620%20Am");
    Deleted : user_pref("CT2724386.RadioStationURL", "hxxp://69.115.65.9:8000");
    Deleted : user_pref("CT2724386.SearchCaption", "IncrediMail MediaBar 2 Customized Web Search");
    Deleted : user_pref("CT2724386.SearchEngineBeforeUnload", "MyStart Search");
    Deleted : user_pref("CT2724386.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT2724386.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...]
    Deleted : user_pref("CT2724386.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT2724386.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT2724386.SearchInNewTabLastCheckTime", "Sun Oct 23 2011 22:12:01 GMT+0200");
    Deleted : user_pref("CT2724386.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT2724386.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
    Deleted : user_pref("CT2724386.SearchProtectorEnabled", false);
    Deleted : user_pref("CT2724386.SearchProtectorToolbarDisabled", false);
    Deleted : user_pref("CT2724386.SendProtectorDataViaLogin", true);
    Deleted : user_pref("CT2724386.ServiceMapLastCheckTime", "Sun Oct 23 2011 22:11:50 GMT+0200");
    Deleted : user_pref("CT2724386.SettingsLastCheckTime", "Mon Oct 24 2011 09:22:25 GMT+0200");
    Deleted : user_pref("CT2724386.SettingsLastUpdate", "1318854768");
    Deleted : user_pref("CT2724386.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2724386&SearchSource=13");
    Deleted : user_pref("CT2724386.ThirdPartyComponentsInterval", 504);
    Deleted : user_pref("CT2724386.ThirdPartyComponentsLastCheck", "Sun Oct 23 2011 22:11:50 GMT+0200");
    Deleted : user_pref("CT2724386.ThirdPartyComponentsLastUpdate", "1312887586");
    Deleted : user_pref("CT2724386.ToolbarShrinkedFromSetup", false);
    Deleted : user_pref("CT2724386.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2724386");
    Deleted : user_pref("CT2724386.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
    Deleted : user_pref("CT2724386.UserID", "UN56129743813832647");
    Deleted : user_pref("CT2724386.WeatherNetwork", "");
    Deleted : user_pref("CT2724386.WeatherPollDate", "Mon Oct 24 2011 09:22:27 GMT+0200");
    Deleted : user_pref("CT2724386.WeatherUnit", "C");
    Deleted : user_pref("CT2724386.alertChannelId", "1116652");
    Deleted : user_pref("CT2724386.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
    Deleted : user_pref("CT2724386.globalFirstTimeInfoLastCheckTime", "Mon Oct 24 2011 09:22:26 GMT+0200");
    Deleted : user_pref("CT2724386.homepageProtectorEnableByLogin", true);
    Deleted : user_pref("CT2724386.initDone", true);
    Deleted : user_pref("CT2724386.isAppTrackingManagerOn", true);
    Deleted : user_pref("CT2724386.isFirstRadioInstallation", false);
    Deleted : user_pref("CT2724386.myStuffEnabled", true);
    Deleted : user_pref("CT2724386.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT2724386.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT2724386.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT2724386.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT2724386.oldAppsList", "200,129248961427290040,129248961427290041,111,129248963349915487[...]
    Deleted : user_pref("CT2724386.revertSettingsEnabled", false);
    Deleted : user_pref("CT2724386.searchProtectorDialogDelayInSec", 10);
    Deleted : user_pref("CT2724386.searchProtectorEnableByLogin", true);
    Deleted : user_pref("CT2724386.testingCtid", "");
    Deleted : user_pref("CT2724386.toolbarAppMetaDataLastCheckTime", "Sun Oct 23 2011 22:11:53 GMT+0200");
    Deleted : user_pref("CT2724386.toolbarContextMenuLastCheckTime", "Sun Oct 23 2011 22:12:01 GMT+0200");
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1116652/1112356/FR", "\"0\"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2724386", [...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2724386",[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2724386&octid=[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"c88[...]
    Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\aurelie\\AppData\\Roaming\\Mozilla\[...]
    Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
    Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredimail.com/mb77/?loc[...]
    Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2724386");
    Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2724386");
    Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2724386");
    Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Oct 23 2011 22:12:01 GMT+0200");
    Deleted : user_pref("CommunityToolbar.globalUserId", "4bc14412-34ff-4e6a-a01c-a9cfb25382b6");
    Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Oct 23 2011 22:11:5[...]
    Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
    Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Oct 24 2011 09:22:34 GMT+020[...]
    Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
    Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
    Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Oct 23 2011 22:11:50 GMT+0200");
    Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
    Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
    Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
    Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
    Deleted : user_pref("CommunityToolbar.notifications.userId", "b61cbd73-9943-4343-8e4f-5f5f3c0d0c42");
    Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://mystart.incredimail.com/mb77?a=6OyhwyhY0s");
    Deleted : user_pref("CommunityToolbar.originalSearchEngine", "MyStart Search");
    Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/406");

    -\\ Google Chrome v0.0.0.0

    File : C:\Users\aurelie\AppData\Local\Google\Chrome\User Data\Default\Preferences

    File is OK.

    -\\ Opera v0.0.0.0

    File : C:\Users\aurelie\AppData\Roaming\Opera\Opera\operaprefs.ini

    File is OK.

    *************************

    AdwCleaner[S1].txt - [15704 octets] - [30/11/2011 10:02:41]

    *************************

    Temporary folder : : 13 folder(s)et 11 file(s) deleted

    ########## EOF - C:\AdwCleaner[S1].txt - [15921 octets] ##########
    30 November 2011 13:49:59

    Hi again, just to let you know: my PC locks up and freezes all of a sudden and I have to turn it off and back on. It then gives me 3 choices and I always choose normal mode; sometimes it restarts and sometimes it doesn't, and it goes into restore mode. There you go, in case that helps you. Thanks again, aurelie
    30 November 2011 14:09:08

    Hello,

    Can you host the OTL report again and give me the new link?
    The first report is completely unreadable.

    Quote:
    my PC locks up and freezes all of a sudden and I have to turn it off

    Did this happen all of a sudden, or is it a recurring problem?
    What are you doing at that moment?

    See you later
    30 November 2011 18:27:14

    OK, I'll send it to you again.
    As for my problem, it was already doing this before, but it's happening more and more; it freezes at any moment, on the internet, or just now when I was in PhotoFiltre ... thanks again for everything

    30 November 2011 19:33:15

    Hello,

    ---------------------------------------------------------------------------------------------

    Uninstall via Programs and Features (if present):

    • Windows Searchqu Toolbar

    ---------------------------------------------------------------------------------------------

    Install the latest version of Java:

    Download and install this latest version of Java

    ---------------------------------------------------------------------------------------------

    OTL:

    • /!\ Important -> Plug in all external devices (USB keys, hard drives ....)
    • Close all other windows and double-click OTL.exe
      /!\ On Vista and Windows 7, the file must be launched by right-click -> Run as administrator
    • Copy this entire script (right-click -> Select All -> Copy)
    • Paste the entire script into the Custom Scans/Fixes box (right-click -> Paste)
    • Then click the Run Fix button
    • The tool starts the removal; do not interrupt it
    • If the tool asks you to restart the PC, accept
    • Post the contents of the report located at C:\_OTL\MovedFiles\********_******.log in your next reply
      the *** are digits representing the date [MonthDayYear] and the time

    ---------------------------------------------------------------------------------------------

    Malwarebytes' Anti-Malware:

    • Download and install Malwarebytes' Anti-Malware (click Download Free version)
    • At the end of the installation, make sure the option Update Malwarebytes' Anti-Malware is checked
    • Click Finish
    • /!\ Important -> Plug in all external devices (USB keys, hard drives ....)
    • Launch Malwarebytes' by double-clicking the icon on the desktop
      /!\ On Vista and Windows 7, the file must be launched by right-click -> Run as administrator
    • The updates download, then Malwarebytes' opens
    • In the Scanner tab, check Perform full scan, then click Scan
    • Select your hard drive, then click Start Scan
    • At the end of the scan, click Show Results
    • To remove the detected items, click Remove Selected
    • If a restart is requested, click Yes
    • The report mbam-log[date-time].txt opens; post the contents of this report in your next reply

    ---------------------------------------------------------------------------------------------

    The following reports are expected:
    • C:\_OTL\MovedFiles\********_******.log
    • mbam-log[date-time].txt

    See you later
    30 November 2011 20:42:34

    Good evening, so here is the OTL log file; the rest follows.

    All processes killed
    ========== OTL ==========
    Prefs.js: "Search Results" removed from browser.search.defaultenginename
    Prefs.js: "Search Results" removed from browser.search.order.1
    Prefs.js: "Search Results" removed from browser.search.selectedEngine
    Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=113&syst..." removed from keyword.URL
    C:\Users\aurelie\AppData\Roaming\Mozilla\Firefox\Profiles\oplmp0v5.default\searchplugins\Search_Results.xml moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} folder moved successfully.
    C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll deleted successfully.
    C:\Program Files\iLivid\imageformats folder moved successfully.
    C:\Program Files\iLivid folder moved successfully.
    C:\Users\aurelie\AppData\Local\Ilivid Player folder moved successfully.
    C:\Users\aurelie\AppData\Roaming\uTorrent folder moved successfully.
    C:\ProgramData\eMule folder moved successfully.
    C:\Users\aurelie\AppData\Local\{3317951C-D97D-41AA-835D-ABE9F15F0321} folder moved successfully.
    C:\Users\aurelie\AppData\Local\{7D8FE00E-6D22-4F3A-AA62-B7C334B32E94} folder moved successfully.
    C:\Users\aurelie\AppData\Local\{B93BE890-8006-4FAE-BC9A-D9CA0CD393C0} folder moved successfully.
    C:\Users\aurelie\AppData\Local\{D2B0A2B1-0EED-401B-B26A-179BF1043516} folder moved successfully.
    C:\Users\aurelie\AppData\Local\{93D4F418-B6F6-4DF6-9536-B2E1D96077F6} folder moved successfully.
    C:\Users\aurelie\AppData\Local\{FAD90366-B0DC-4149-97A6-A51FA5ECEC20} folder moved successfully.
    C:\Users\aurelie\AppData\Local\{4275A4F5-EFDB-4696-8CBE-6CC4904339F2} folder moved successfully.
    C:\Users\aurelie\AppData\Local\{F3BB4363-E960-40C4-B204-7AFEAF18D4A5} folder moved successfully.
    C:\Users\aurelie\AppData\Local\{F928028A-C62B-4FD1-AC29-D8AC9C170892} folder moved successfully.
    C:\Users\aurelie\AppData\Local\{2CA1401B-EC32-4E9F-BF35-F25B1F189957} folder moved successfully.
    C:\Users\aurelie\AppData\Local\{D1958D47-7F8E-4BC8-AE12-A08F0A47E15F} folder moved successfully.
    C:\Users\aurelie\AppData\Local\{C174F98E-365C-4184-91FA-96DF3D984F55} folder moved successfully.
    C:\Users\aurelie\AppData\Local\{549D93FA-D2BF-481F-80CE-D7BAE42ABD77} folder moved successfully.
    C:\Users\aurelie\AppData\Local\{74363F5A-F178-4647-8CD5-52B7AD940D06} folder moved successfully.
    Folder C:\Users\aurelie\AppData\Roaming\uTorrent\ not found.
    C:\Users\aurelie\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: aurelie
    ->Temp folder emptied: 1440499 bytes
    ->Temporary Internet Files folder emptied: 4747155 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 42826458 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 3088488 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 30588 bytes
    RecycleBin emptied: 5860 bytes

    Total Files Cleaned = 50,00 mb



    OTL by OldTimer - Version 3.2.31.0 log created on 11302011_203056

    Files\Folders moved on Reboot...
    File\Folder C:\Users\aurelie\AppData\Local\Temp\OICE_E19713CE-CE50-48C3-8967-2274E00B78E3.0\A5EA8302. not found!

    Registry entries deleted on Reboot...

    30 November 2011 20:51:23

    Hi again,

    Thanks for the OTL report.

    The Malwarebytes scan can take a long time.
    Post the report when you can.

    See you later
    30 November 2011 21:54:14

    and here is the last one, which did indeed take a little while. thanks again for everything, have a good evening
    aurelie


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Version de la base de données: 8280

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    30/11/2011 21:44:57
    mbam-log-2011-11-30 (21-44-57).txt

    Type d'examen: Examen complet (C:\|D:\|E:\|)
    Elément(s) analysé(s): 270841
    Temps écoulé: 49 minute(s), 55 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 3
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.



    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\Users\aurelie\windows 7 activators (optional)\removewat.v2.0\removewat.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.
    1 December 2011 10:51:44

    Hello,

    Do you still have problems with searchqu?

    As for your other issue, in my opinion it is not related to the infection.
    Be careful with optimization and customization utilities, which cause malfunctions on the system.
    Also, the origin of your Windows 7 looks doubtful to me.

    While waiting for you to confirm about searchqu, do the following:

    ---------------------------------------------------------------------------------------------

    Internet Explorer update:

    Even if you do not use Internet Explorer as your browser, you still need to update it and move to IE9.
    Download Internet Explorer 9

    ---------------------------------------------------------------------------------------------

    Install the latest version of Adobe Flash Player:

    Download and install this latest version:
    Adobe Flash Player
    Remember to untick the options offered at the same time, such as the free Google Toolbar (optional)

    ---------------------------------------------------------------------------------------------

    Install the latest version of Adobe Shockwave Player:

    Download and install this latest version:
    Adobe Shockwave Player

    ---------------------------------------------------------------------------------------------

    See you later
    1 December 2011 16:22:45

    hello

    so yes, searchqu seems to have disappeared; I set Google back as the search engine and it does not get changed
    as for my Windows 7, yet it's the original one that was on the PC?
    so after installing Adobe and Explorer I restarted to check, and then a problem ... the PC would not restart; the choice of the 3 modes again, then I got startup repair. I clicked on restore and everything I had just installed disappeared, grrr!! but searchqu did not come back, phew!!
    I'm going to try again without restarting right away and will keep you posted, thanks again for everything
    aurelie
    1 December 2011 17:17:40

    well, everything is reinstalled, even Java had disappeared!! Malwarebytes' Anti-Malware has also disappeared but I have not put it back, should I? so now I'm afraid to restart the PC again, I'll wait for your advice
    thanks again for the time you are giving!!
    1 December 2011 18:22:57

    Hello,

    So what you did was actually a system restore to an earlier date?
    And the last restore point created was apparently the one from the OTL fix.
    We'll check anyway, but you will also need to run Malwarebytes again to verify.

    But first, apply the following procedure:
    In Computer -> right-click on C -> Properties -> Tools tab -> Check now -> tick both boxes, Automatically fix file system errors and Scan for and attempt recovery of bad sectors -> answer "yes" to the scheduling prompt -> restart the PC and let the check run; the PC will restart by itself.

    The check can take quite a long time.

    Then run OTL again as indicated here and upload the OTL.txt report to pjjoint.fr.

    Then run Malwarebytes again as indicated here and post the report.

    See you later

    1 December 2011 22:05:39

    good evening, attached is the report (after restarting, nothing was lost, all the files are there and up to date!) I wish you a good evening and thanks again for your help; besides, you explain very clearly, so for a novice like me that is much appreciated. regards, aurelie

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Version de la base de données: 8286

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    01/12/2011 21:52:39
    mbam-log-2011-12-01 (21-52-39).txt

    Type d'examen: Examen complet (C:\|D:\|E:\|)
    Elément(s) analysé(s): 268372
    Temps écoulé: 48 minute(s), 23 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 3
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    2 December 2011 10:21:04

    Hello,

    Thanks for the reports.

    A few lines need to be dealt with again using OTL.

    ---------------------------------------------------------------------------------------------

    OTL:

    • /!\ Important -> Plug in all external devices (USB sticks, hard drives ...)
    • Close all other windows and double-click OTL.exe
      /!\ On Vista and Windows 7, the file must be launched with right-click -> Run as administrator
    • Copy this whole script (right-click -> Select All -> Copy)
    • Paste the whole script into the Custom Scans/Fixes box (right-click -> Paste)
    • Then click the Run Fix button

    • The tool starts the removal; do not interrupt it
    • If the tool asks you to restart the PC, accept
    • Post the contents of the report located in C:\_OTL\MovedFiles\********_******.log in your next reply
      the *** are digits representing the date [MonthDayYear] and the time


    ---------------------------------------------------------------------------------------------

    How has the PC been behaving since you ran the disk check?

    See you later
    2 December 2011 13:02:53

    hello
    so this morning the computer did not freeze, maybe we are on the right track ..... and now with the OTL restart everything went well, no blue or black screen, all my icons are there ... here is the report, thank you
    All processes killed
    ========== OTL ==========
    Prefs.js: "Search Results" removed from browser.search.defaultenginename
    Prefs.js: "Search Results" removed from browser.search.order.1
    Prefs.js: "Search Results" removed from browser.search.selectedEngine
    Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=113&syst..." removed from keyword.URL
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} folder moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll deleted successfully.
    C:\Program Files\iLivid\imageformats folder moved successfully.
    C:\Program Files\iLivid folder moved successfully.
    C:\Windows\Tasks\OfferBoxUpdate.job moved successfully.
    C:\Users\aurelie\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: aurelie
    ->Temp folder emptied: 2388000 bytes
    ->Temporary Internet Files folder emptied: 24117482 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 37404503 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 3088488 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1089076 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 65,00 mb



    OTL by OldTimer - Version 3.2.31.0 log created on 12022011_123454

    Files\Folders moved on Reboot...
    File\Folder C:\Users\aurelie\AppData\Local\Temp\OICE_E19713CE-CE50-48C3-8967-2274E00B78E3.0\A5EA8302. not found!
    File\Folder C:\Users\aurelie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YGGWISO5\ADSAdClient31[1].htm not found!

    Registry entries deleted on Reboot...
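
The fix log above removes items stored outside the iLivid program folder: Firefox preferences, `AppInit_Dlls` registry data, and a scheduled task file. As an added example (not part of the thread and not OTL's own code), this Python script sorts the lines of that log by the kind of artifact removed; the category names and the `triage` and `load_points` helpers are assumptions made for illustration, and the sample lines are copied from the log in this post.

```python
import re

# Sample input: lines copied from the OTL fix log in the post above.
OTL_FIX_LOG = r"""
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=113&syst..." removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll deleted successfully.
C:\Program Files\iLivid\imageformats folder moved successfully.
C:\Program Files\iLivid folder moved successfully.
C:\Windows\Tasks\OfferBoxUpdate.job moved successfully.
C:\Users\aurelie\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe moved successfully.
"""

# Ordered rules: the first pattern that matches a line decides its category.
# The category names are labels chosen for this example, not OTL terminology.
RULES = [
    ("browser_pref", re.compile(
        r'^Prefs\.js: "(?P<value>.*)" removed from (?P<where>\S+)$')),
    ("appinit_dll", re.compile(
        r'^Registry value (?P<where>.+?)\\\\AppInit_Dlls:(?P<value>.+) deleted successfully\.$',
        re.IGNORECASE)),
    ("registry_value", re.compile(
        r'^Registry value (?P<where>.+?)\\\\(?P<value>[^\\]+) deleted successfully\.$')),
    ("scheduled_task", re.compile(
        r'^(?P<where>[A-Za-z]:\\Windows\\Tasks)\\(?P<value>[^\\]+\.job) moved successfully\.$',
        re.IGNORECASE)),
    ("file_or_folder", re.compile(
        r'^(?P<value>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$')),
]

# Categories that keep the hijack active without the program folder:
# settings and auto-load entries that are stored elsewhere on the system.
LOAD_POINT_CATEGORIES = {"browser_pref", "appinit_dll", "scheduled_task"}


def triage(log_text):
    """Return one dict per recognised log line: category, where, value, short_name."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for category, pattern in RULES:
            match = pattern.match(line)
            if match:
                groups = match.groupdict()
                value = groups["value"]
                findings.append({
                    "category": category,
                    "where": groups.get("where"),
                    "value": value,
                    # An 8.3 short path (PROGRA~1\WI3C8A~1) hides the real folder name.
                    "short_name": bool(re.search(r"~\d", value)),
                })
                break
    return findings


def load_points(findings):
    """Keep only the entries that live outside the program folder."""
    return [f for f in findings if f["category"] in LOAD_POINT_CATEGORIES]


if __name__ == "__main__":
    for f in load_points(triage(OTL_FIX_LOG)):
        flag = "  [8.3 short path: resolve the real folder name]" if f["short_name"] else ""
        print(f'{f["category"]:15} {f["where"] or "-"} -> {f["value"]}{flag}')
```
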
    2 December 2011 14:12:51

    Hello,

    Quote:
    so this morning the computer did not freeze, maybe we are on the right track ..... and now with the OTL restart everything went well, no blue or black screen, all my icons are there


    We can then finalize the disinfection part.

    ---------------------------------------------------------------------------------------------

    You can keep Malwarebytes and scan your system with it regularly, in addition to your antivirus scans.
    However, do not forget to check for Malwarebytes updates in the Update tab before starting the scan.

    Run AdwCleaner again and click Uninstall
    Run Ad-Remover again and click Uninstall

    ---------------------------------------------------------------------------------------------

    Purging restore points:


    • Close all other windows and double-click OTL.exe
      /!\ On Vista and Windows 7, the file must be launched with right-click -> Run as administrator
    • Copy all of the code below
      :Commands
      [CLEARALLRESTOREPOINTS]
      [EMPTYTEMP]

    • Paste all of the code into the Custom Scans/Fixes box
    • Then click the Run Fix button
    • If the tool asks you to restart the PC, accept

    ---------------------------------------------------------------------------------------------

    Uninstalling OTL and the tools used:


    • Close all other windows and double-click OTL.exe
      /!\ On Vista and Windows 7, the file must be launched with right-click -> Run as administrator
    • Click CleanUp

    • Confirm the warning with OK and let the PC restart


    ---------------------------------------------------------------------------------------------

    Re-enable UAC at the default level

    User Account Control (UAC) in Windows 7

    ---------------------------------------------------------------------------------------------

    A few clarifications and tips:

    • Generally speaking, you need to be careful on the net and not click on everything that looks attractive.
      I invite you to read this article: Why and how do I get infected?

      /!\ Always prefer downloading an application from the publisher's site.

      Read license agreements carefully before any installation; studies have shown that France is the world champion of malware!

    • Keep your antivirus up to date and scan the system regularly, with a Malwarebytes scan alongside

    • Keep your system up to date with Windows Update, not forgetting installed software.
      Also check that you always have the latest version of Java and Flash Player
      Flash Player must be installed for each browser present on the system
      Remember to untick the options offered along with Java and Flash Player (Google Toolbar, McAfee Scan ...)

    • For Firefox, you can secure your browsing
      Secure Firefox


    Don't hesitate if you have questions.

    To find out more, click the image to download this PDF

    Do you still have problems on the PC?

    See you later
    2 December 2011 14:15:34

    hi again

    I spoke too soon, my computer froze again. for info, I wasn't doing anything in particular: at 13:20 I took the children to school, it was working, and at 13:50 when I got back it was frozen, but all the files are there, even the OTL log above!
    it restarted without asking me for restore or the 3 choices
    2 December 2011 14:40:34

    our messages were written at the same time, so I'm waiting for your confirmation before doing what is above (since the computer bugged out). however, I installed the NoScript that is on the Firefox link, but now even when I go to Zimbra I have to allow the page every time? maybe there's something I need to do!!? thanks again for everything
    2 December 2011 16:37:16

    Hi again,

    Indeed, our messages crossed.

    I don't think your problem is caused by an infection. So you can apply the procedures indicated in any case.
    Is there any trace of this freeze in Event Viewer (which you could find using the time window)?
    Or in Reliability Monitor?
    Could a task be starting at that moment (a scan or update by your antivirus, or something else)?

    Maybe this isn't your case, but I had this type of freeze at one point, and the cause was simply my mouse (connected via USB).
    Images or photos cycling as the desktop background can also cause this kind of problem. If that is the case, test with a fixed background.
    Have you installed any particular non-Microsoft theme?

    For NoScript, when you trust the site you are visiting, you can select Allow "site_name".
    The chosen setting will be remembered.

    See you later
    2 December 2011 22:05:53

    hello, so I can't manage to understand everything. I found the reliability file, but for 2/12 around 13:53 and 13:54 it only talks about Windows, so I suppose that is when I restarted the computer
    but as for the mouse, I had already thought of it and it is indeed USB; I think I'm going to buy another one! which brand did you get on your side? my screen is fixed so that's not the cause. for the particular non-Microsoft theme, I suppose that's about the desktop background; I don't think so because I go to Personalize and choose from the images I have available, but it's true that there are a lot of them, strange? so I changed it and put one where it says Windows 7, that way no mistake!!
    there, now I'm tackling the procedure above. thanks again for everything, because as it turns out we went further than my initial question!! aurelie
    2 December 2011 22:22:42

    purging restore points, here is the report I got
    All processes killed
    ========== COMMANDS ==========


    [EMPTYTEMP]

    User: All Users

    User: aurelie
    ->Temp folder emptied: 861387 bytes
    ->Temporary Internet Files folder emptied: 555566 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 37491046 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 539890 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 38,00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 12022011_220906

    Files\Folders moved on Reboot...
    File\Folder C:\Users\aurelie\AppData\Local\Temp\OICE_E19713CE-CE50-48C3-8967-2274E00B78E3.0\A5EA8302. not found!

    Registry entries deleted on Reboot...
    2 December 2011 22:32:06

    there, everything is done!! except the Flash Player business for each browser; so if I understand correctly, I put it on Mozilla and I need to put it on Internet Explorer too? I'll try it!!
    3 December 2011 09:45:02

    Hello,

    Yes, you do also need to update Flash Player for Internet Explorer.
    It is important not to leave any security hole on the system and to apply updates as they are released.

    For the new mouse, the brand doesn't matter.
    You can also try plugging your mouse into another USB port if you are able to.
    It's good that you changed the theme; no lead should be neglected.

    Is there no trace of this freeze in Event Viewer?

    Also check that your graphics drivers are up to date and, as a general rule, that every driver is up to date.
    You can check this with the Ma-Config site
    http://www.ma-config.com/fr

    I think that, as far as disinfection goes, you can mark the thread as solved by clicking the "Editer" (Edit) button in your very first message.
    Then add [Résolu] ("Solved") next to your title and confirm.

    See you later
    3 December 2011 10:21:34

    thanks for everything, I will take all your advice into account. I wish you happy end-of-year holidays. regards, aurelie
    3 December 2011 23:56:59

    I'm sorry but I can't manage to mark it as solved, I don't have the "Editer" icon and it's impossible to modify?? are you able to do it? thanks again for everything
    4 December 2011 08:49:28

    Hello,

    Actually I haven't adjusted my canned reply since the forum update, and the exact term for the button is "Modifier" (Modify).
    Do you have this "Modifier" button at the bottom right of your very first message?

    Otherwise, we'll ask a moderator to do it.

    See you later