Remove BitGuard

Solved/Closed
moh2m Posts 12 Registration date Friday 15 November 2013 Status Member Last activity 17 November 2013 - 15 Nov 2013 at 20:18
moh2m Posts 12 Registration date Friday 15 November 2013 Status Member Last activity 17 November 2013 - 17 Nov 2013 at 18:04
Hello,
I am posting to ask for help removing viruses from my PC. After a scan, here is the result:
Malware (3)
Information about malware detected on the computer.
Kaspersky recommends
HEUR:Trojan.Win32.Generic
BitGuard.exe
c:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}

HEUR:Worm.Script.Generic
iTunesHelper.vbe
c:\Users\Manet\AppData\Local\Temp

HEUR:Worm.Script.Generic
iTunesHelper.vbe
c:\Users\Manet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
I need help because I am working on my final-year thesis on the same PC.
Thanks in advance



16 replies

Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 629
15 Nov 2013 at 20:22
Hi,

You have adware on your PC.
Run these two programs in order.
Read the instructions carefully, click the links and read those carefully too.
Take your time.

Download and install Malwarebyte: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Update it, run a quick scan, delete everything and post the report here.
!!! Malwarebyte must be up to date before you run the scan !!!
Check everything by right-clicking / check all,
then use the remove selection button to delete everything.

then:

Follow the AdwCleaner tutorial https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start=
Click the download link; on the AdwCleaner page, on the right, click the grey floppy disk with the green arrow to start the download.
Launch AdwCleaner, click [Scanner].
The scan can take several minutes, be patient.
Once the scan is finished, click [Nettoyer].

Once the cleaning is finished, a report will open. Copy and paste the contents of the report into your next reply.
If that does not work, use the site http://pjjoint.malekal.com to host the report and give the link to the report in a new message.

Note: The report is also saved as C:\AdwCleaner[S1].txt

then:


In Firefox: Tools menu / Add-ons
Extensions tab.
Give the list.

In Google Chrome: menu at the top right, then Tools / Extensions
Give the list.

0
moh2m Posts 12 Registration date Friday 15 November 2013 Status Member Last activity 17 November 2013
15 Nov 2013 at 20:28
First of all, thank you for the reply.
But neither of the two links lets me download UsbFix.
Besides, it is my PC itself that is infected, most likely from a USB key I got from a friend.
Thanks again.
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 629
15 Nov 2013 at 20:40
There's no need for UsbFix...
0
lilidurhone Posts 43343 Registration date Monday 25 April 2011 Status Security contributor Last activity 18 September 2023 3 805
15 Nov 2013 at 20:43
0
moh2m Posts 12 Registration date Friday 15 November 2013 Status Member Last activity 17 November 2013
15 Nov 2013 at 20:52
I am currently trying to scan with Malwarebytes, I am waiting for it to finish
0

moh2m Posts 12 Registration date Friday 15 November 2013 Status Member Last activity 17 November 2013
15 Nov 2013 at 22:01
@MAlekal_morte
I'm back..............
I did as instructed and here is the report

# AdwCleaner v3.012 - Report created 15/11/2013 at 21:35:05
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Manet - MANET-PC
# Running from : C:\Users\Manet\Downloads\adwcleaner.exe
# Option : Clean

Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\WinZipBar_FR
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Deals Plugin
Key Deleted : HKCU\Software\AppDataLow\Software\Plus-HD-2.2
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\XingHaoLyrics
Key Deleted : HKCU\Software\AppDataLow\Software\ooVoo_Video_Chat
Key Deleted : HKCU\Software\AppDataLow\Software\SFT_France
Key Deleted : HKCU\Software\AppDataLow\Software\WinZipBar_FR
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\Software\SimilarSites
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\torch
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Vittalia
Key Deleted : HKLM\Software\ooVoo_Video_Chat
Key Deleted : HKLM\Software\SFT_France
Key Deleted : HKLM\Software\WinZipBar_FR
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F21ABA47-CE22-4B3D-8F47-8BF08C21C094}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lrcspal@xinghao.net
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SimilarSites
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ooVoo_Video_Chat Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SFT_France Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZipBar_FR Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\wincert\win32c~1.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\261673~1.238\{c16c1~1\bitguard.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN64C~1.DLL
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v20.0 (fr)

[ File : C:\Users\Manet\AppData\Roaming\Mozilla\Firefox\Profiles\0bsxidhv.default\prefs.js ]

0
moh2m Posts 12 Registration date Friday 15 November 2013 Status Member Last post 17 November 2013
15 Nov 2013 at 22:17
The list in the extensions tool:
Google Chrome: Bitdefender QuickScan 0.9.9.131
Plus-HD-2.2 1.25.77

Firefox: Adblock Plus 2.2.4
Avast Easypass
Deals Plugin 0.91.87
Plus-HD-2.2 0.92.77

What do I do now? Is it OK, and should I uninstall the software I just installed?
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last post 15 December 2020 24 629
15 Nov 2013 at 23:05
Remove
Deals Plugin 0.91.87
Plus-HD-2.2 0.92.77
0
moh2m Posts 12 Registration date Friday 15 November 2013 Status Member Last post 17 November 2013
15 Nov 2013 at 23:10
It's done.
0
moh2m Posts 12 Registration date Friday 15 November 2013 Status Member Last post 17 November 2013
15 Nov 2013 at 23:15
What next, my dear helper? :)
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last post 15 December 2020 24 629
Edited by Malekal_morte- on 15/11/2013 at 23:38
So that you don't get caught again.
Read this - Parasitic programs / PUPs: https://www.malekal.com/adwares-pup-protection/

You can then do the usbfix procedure in lili's thread.


Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
0
moh2m Posts 12 Registration date Friday 15 November 2013 Status Member Last post 17 November 2013
15 Nov 2013 at 23:59
I don't know how to thank you. A big THANK YOU to you (you are wonderful).
I have enabled the sensitivity in my AVAST and installed WOT.
Can I now uninstall the other antivirus programs (Emsisoft, Kaspersky, Malwarebytes and the cleaner) that I had installed?
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last post 15 December 2020 24 629
16 Nov 2013 at 11:49
Keep Malwarebytes for regular scans.
0
moh2m Posts 12 Registration date Friday 15 November 2013 Status Member Last post 17 November 2013
16 Nov 2013 at 15:14
Thank you, thank you, thank you. I can sleep well now, with the feeling that I can work properly on my final-year thesis (TFE) without viruses, thanks to your help.
GRACIAS
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last post 15 December 2020 24 629
16 Nov 2013 at 18:57
:)
0
moh2m Posts 12 Registration date Friday 15 November 2013 Status Member Last post 17 November 2013
17 Nov 2013 at 14:36
Hi Malekal
I ran my two USB keys through USBFix and got these two reports; what can I do? Thanks in advance

############################## | UsbFix V 7.150 | [Research]

User: Manet (Administrator) # MANET-PC
Updated 08/11/2013 by El Desaparecido - Team SosVirus
Started at 14:13:31 | 17/11/2013

Website : http://www.en.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: TOSHIBA (Portable PC)
CPU: AMD Athlon(tm) II P320 Dual-Core Processor
RAM -> [Total : 2811 | Free : 1420]
Bios: Insyde Corp.
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 288 Gb (76 Mb free - 26%) [TI105846W0F] # NTFS
D:\ -> CD-ROM
H:\ -> Removable drive # 977 Mb (901 Mb free - 92%) [USB 2000] # FAT32

################## | Active Processes |

C:\windows\system32\csrss.exe (ID: 516 |ParentID: 496)
C:\windows\system32\csrss.exe (ID: 576 |ParentID: 568)
C:\windows\system32\wininit.exe (ID: 584 |ParentID: 496)
C:\windows\system32\winlogon.exe (ID: 644 |ParentID: 568)
C:\windows\system32\services.exe (ID: 684 |ParentID: 584)
C:\windows\system32\lsass.exe (ID: 692 |ParentID: 584)
C:\windows\system32\lsm.exe (ID: 700 |ParentID: 584)
C:\windows\system32\svchost.exe (ID: 792 |ParentID: 684)
C:\windows\system32\svchost.exe (ID: 888 |ParentID: 684)
C:\windows\System32\svchost.exe (ID: 112 |ParentID: 684)
C:\windows\System32\svchost.exe (ID: 384 |ParentID: 684)
C:\windows\system32\svchost.exe (ID: 524 |ParentID: 684)
C:\windows\system32\svchost.exe (ID: 572 |ParentID: 684)
C:\windows\system32\svchost.exe (ID: 1172 |ParentID: 684)
C:\windows\system32\svchost.exe (ID: 1284 |ParentID: 684)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1360 |ParentID: 684)
C:\windows\system32\svchost.exe (ID: 1692 |ParentID: 684)
C:\windows\SysWOW64\svchost.exe (ID: 2000 |ParentID: 684)
C:\windows\system32\Dwm.exe (ID: 1652 |ParentID: 384)
C:\windows\system32\svchost.exe (ID: 2172 |ParentID: 684)
C:\windows\system32\svchost.exe (ID: 3080 |ParentID: 684)
C:\windows\system32\svchost.exe (ID: 3400 |ParentID: 684)
C:\Program Files\Alwil Software\Avast5\avastui.exe (ID: 4228 |ParentID: 4164)
C:\windows\System32\svchost.exe (ID: 5472 |ParentID: 684)
C:\windows\explorer.exe (ID: 6612 |ParentID: 644)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 8124 |ParentID: 684)
C:\windows\System32\rundll32.exe (ID: 7564 |ParentID: 792)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 7264 |ParentID: 8124)
C:\windows\system32\SearchIndexer.exe (ID: 3360 |ParentID: 684)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 7876 |ParentID: 684)
C:\windows\System32\spoolsv.exe (ID: 1812 |ParentID: 684)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 5424 |ParentID: 684)
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe (ID: 6064 |ParentID: 684)
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe (ID: 6504 |ParentID: 6064)
C:\windows\system32\DllHost.exe (ID: 8028 |ParentID: 792)
C:\windows\system32\SearchProtocolHost.exe (ID: 3496 |ParentID: 3360)
C:\windows\system32\taskeng.exe (ID: 2024 |ParentID: 572)
C:\windows\system32\wbem\wmiprvse.exe (ID: 5756 |ParentID: 792)
C:\windows\System32\WUDFHost.exe (ID: 1976 |ParentID: 384)
C:\Users\Manet\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 6936 |ParentID: 792)
C:\windows\system32\SearchFilterHost.exe (ID: 7972 |ParentID: 3360)
C:\windows\system32\taskeng.exe (ID: 5256 |ParentID: 572)
C:\UsbFix\Go.exe (ID: 3548 |ParentID: 2212)
\\?\C:\windows\system32\wbem\WMIADAP.EXE (ID: 2020 |ParentID: 572)
C:\windows\system32\wbem\wmiprvse.exe (ID: 3188 |ParentID: 792)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [NortonOnlineBackupReminder] - "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
04 - HKLM\SOFTWARE | Run : [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [NortonOnlineBackupReminder] - "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
04 - HKLM\SOFTWARE\wow6432Node | Run : [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | RunOnce : [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [] -
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Manet\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [RoboForm] - "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [Google Update] - "C:\Users\Manet\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [DriverTurbo] - C:\Program Files (x86)\DriverTurbo\DriverTurbo.exe
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [Akamai NetSession Interface] - "C:\Users\Manet\AppData\Local\Akamai\netsession_win.exe"
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [VoipCheapCom] - "C:\Program Files (x86)\VoipCheapCom.com\VoipCheapCom\voipcheapcom.exe" -nosplash -minimized
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [SalaatTime] - C:\Program Files (x86)\Salaat Time\SalaatTime.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Generic Research |

Found ! C:\Users\Manet\AppData\Local\Temp\iTunesHelper.vbe
Found ! C:\Users\Manet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Found ! H:\iTunesHelper.vbe
Found ! H:\R+3.lnk
Found ! H:\RDC.lnk
Found ! H:\structurelle.lnk
Found ! H:\atelier_mohamed_sketsha.lnk
Found ! H:\Fonctionnelle-1.lnk
Found ! H:\Fonctionnelle-2.lnk
Found ! H:\Fonctionnelle-3.lnk
Found ! H:\formelle.lnk
Found ! H:\R+1.lnk
Found ! H:\.lnk
Found ! H:\.Trashes.lnk
Found ! H:\.Spotlight-V100.lnk
Found ! C:\Users\Manet\AppData\Local\Temp\Drives.vbs

################## | Reference of comparison MD5 |

Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\Manet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\Manet\AppData\Local\Temp\iTunesHelper.vbe
Md5 : AC8F18C5C595A5685FCEA46E61B6B5AF -> C:\Users\Manet\AppData\Local\Temp\Drives.vbs
Md5 : 915E8D8F3A79C35D997D9BB4283DBDF0 -> H:\iTunesHelper.vbe

################## | Comparison MD5 |

Found ! Md5 : AC8F18C5C595A5685FCEA46E61B6B5AF -> C:\Users\Manet\AppData\Local\Temp\Drives.vbs
Found ! Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\Manet\AppData\Local\Temp\iTunesHelper.vbe
Found ! Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\Manet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Found ! Md5 : 915E8D8F3A79C35D997D9BB4283DBDF0 -> H:\iTunesHelper.vbe

################## | Registry |

Found ! HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Found ! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |




and

############################## | UsbFix V 7.150 | [Research]

User: Manet (Administrator) # MANET-PC
Updated 08/11/2013 by El Desaparecido - Team SosVirus
Started at 13:42:20 | 17/11/2013

Website : http://www.en.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: TOSHIBA (Portable PC)
CPU: AMD Athlon(tm) II P320 Dual-Core Processor
RAM -> [Total : 2811 | Free : 798]
Bios: Insyde Corp.
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 288 Gb (76 Mb free - 27%) [TI105846W0F] # NTFS
D:\ -> CD-ROM

################## | Active Processes |

C:\windows\system32\csrss.exe (ID: 516 |ParentID: 496)
C:\windows\system32\csrss.exe (ID: 576 |ParentID: 568)
C:\windows\system32\wininit.exe (ID: 584 |ParentID: 496)
C:\windows\system32\winlogon.exe (ID: 644 |ParentID: 568)
C:\windows\system32\services.exe (ID: 684 |ParentID: 584)
C:\windows\system32\lsass.exe (ID: 692 |ParentID: 584)
C:\windows\system32\lsm.exe (ID: 700 |ParentID: 584)
C:\windows\system32\svchost.exe (ID: 792 |ParentID: 684)
C:\windows\system32\svchost.exe (ID: 888 |ParentID: 684)
C:\windows\system32\atiesrxx.exe (ID: 964 |ParentID: 684)
C:\windows\System32\svchost.exe (ID: 112 |ParentID: 684)
C:\windows\System32\svchost.exe (ID: 384 |ParentID: 684)
C:\windows\system32\svchost.exe (ID: 524 |ParentID: 684)
C:\windows\system32\svchost.exe (ID: 572 |ParentID: 684)
C:\windows\system32\svchost.exe (ID: 1172 |ParentID: 684)
C:\windows\system32\svchost.exe (ID: 1284 |ParentID: 684)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1360 |ParentID: 684)
C:\windows\system32\atieclxx.exe (ID: 1400 |ParentID: 964)
C:\windows\System32\spoolsv.exe (ID: 1624 |ParentID: 684)
C:\windows\system32\svchost.exe (ID: 1692 |ParentID: 684)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1796 |ParentID: 684)
C:\Program Files (x86)\Bonjour\mDNSResponder.exe (ID: 1888 |ParentID: 684)
C:\windows\system32\taskhost.exe (ID: 1972 |ParentID: 684)
C:\windows\SysWOW64\svchost.exe (ID: 2000 |ParentID: 684)
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (ID: 1488 |ParentID: 684)
C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe (ID: 1540 |ParentID: 684)
C:\windows\system32\Dwm.exe (ID: 1652 |ParentID: 384)
C:\windows\Explorer.EXE (ID: 808 |ParentID: 1512)
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe (ID: 1956 |ParentID: 684)
C:\windows\system32\svchost.exe (ID: 2172 |ParentID: 684)
C:\Windows\system32\TODDSrv.exe (ID: 2204 |ParentID: 684)
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (ID: 2248 |ParentID: 684)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2448 |ParentID: 684)
C:\windows\system32\SearchIndexer.exe (ID: 2572 |ParentID: 684)
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (ID: 2656 |ParentID: 684)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2700 |ParentID: 2448)
C:\windows\system32\wbem\wmiprvse.exe (ID: 2868 |ParentID: 792)
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe (ID: 2956 |ParentID: 1956)
C:\windows\system32\svchost.exe (ID: 3080 |ParentID: 684)
C:\windows\system32\svchost.exe (ID: 3400 |ParentID: 684)
C:\windows\System32\WUDFHost.exe (ID: 3572 |ParentID: 384)
C:\Windows\System32\wscript.exe (ID: 3984 |ParentID: 808)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 3992 |ParentID: 808)
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (ID: 4020 |ParentID: 808)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 1536 |ParentID: 684)
C:\Users\Manet\AppData\Local\Akamai\netsession_win.exe (ID: 3944 |ParentID: 808)
C:\Users\Manet\AppData\Local\Akamai\netsession_win.exe (ID: 1012 |ParentID: 3944)
C:\Program Files (x86)\Salaat Time\SalaatTime.exe (ID: 4156 |ParentID: 808)
C:\windows\splwow64.exe (ID: 4220 |ParentID: 4156)
C:\Program Files\Alwil Software\Avast5\avastui.exe (ID: 4228 |ParentID: 4164)
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (ID: 4240 |ParentID: 808)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (ID: 4296 |ParentID: 808)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 4304 |ParentID: 4164)
C:\Users\Manet\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 4796 |ParentID: 808)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID: 4836 |ParentID: 4164)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 4844 |ParentID: 4336)
C:\Program Files\iPod\bin\iPodService.exe (ID: 3172 |ParentID: 684)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (ID: 1124 |ParentID: 4296)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (ID: 1852 |ParentID: 792)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 4860 |ParentID: 4844)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (ID: 3280 |ParentID: 792)
C:\windows\System32\svchost.exe (ID: 5472 |ParentID: 684)
C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4772 |ParentID: 808)
C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 784 |ParentID: 4772)
C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5744 |ParentID: 4772)
C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5000 |ParentID: 4772)
C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4984 |ParentID: 4772)
C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4440 |ParentID: 4772)
C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3100 |ParentID: 4772)
C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FOXIT READER.EXE (ID: 5892 |ParentID: 808)
C:\Program Files (x86)\Graphisoft\ArchiCAD 12\ArchiCAD.exe (ID: 7096 |ParentID: 808)
C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6980 |ParentID: 4772)
C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5836 |ParentID: 4772)
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe (ID: 7732 |ParentID: 808)
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (ID: 7716 |ParentID: 684)
C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 7004 |ParentID: 4772)
C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6196 |ParentID: 4772)
C:\windows\system32\taskhost.exe (ID: 1068 |ParentID: 684)
C:\windows\system32\SearchProtocolHost.exe (ID: 3972 |ParentID: 2572)
C:\UsbFix\Go.exe (ID: 7336 |ParentID: 7376)
C:\Windows\System32\dinotify.exe (ID: 7908 |ParentID: 4704)
C:\windows\system32\rundll32.exe (ID: 5820 |ParentID: 792)
C:\windows\system32\SearchFilterHost.exe (ID: 7860 |ParentID: 2572)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [NortonOnlineBackupReminder] - "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
04 - HKLM\SOFTWARE | Run : [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [NortonOnlineBackupReminder] - "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
04 - HKLM\SOFTWARE\wow6432Node | Run : [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | RunOnce : [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [] -
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Manet\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [RoboForm] - "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [Google Update] - "C:\Users\Manet\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [DriverTurbo] - C:\Program Files (x86)\DriverTurbo\DriverTurbo.exe
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [Akamai NetSession Interface] - "C:\Users\Manet\AppData\Local\Akamai\netsession_win.exe"
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [VoipCheapCom] - "C:\Program Files (x86)\VoipCheapCom.com\VoipCheapCom\voipcheapcom.exe" -nosplash -minimized
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [SalaatTime] - C:\Program Files (x86)\Salaat Time\SalaatTime.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Generic Research |

Found ! C:\Users\Manet\AppData\Local\Temp\iTunesHelper.vbe
Found ! C:\Users\Manet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Found ! C:\Users\Manet\AppData\Local\Temp\Drives.vbs

################## | Reference of comparison MD5 |

Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\Manet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\Manet\AppData\Local\Temp\iTunesHelper.vbe
Md5 : AC8F18C5C595A5685FCEA46E61B6B5AF -> C:\Users\Manet\AppData\Local\Temp\Drives.vbs

################## | Comparison MD5 |

Found ! Md5 : AC8F18C5C595A5685FCEA46E61B6B5AF -> C:\Users\Manet\AppData\Local\Temp\Drives.vbs
Found ! Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\Manet\AppData\Local\Temp\iTunesHelper.vbe
Found ! Md5 : AED4FAF279ABF7D7605E81707BE3CE64 -> C:\Users\Manet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe

################## | Registry |

Found ! HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Found ! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://www.usbfix
0
lilidurhone Posts 43343 Registration date Monday 25 April 2011 Status Security contributor Last activity 18 September 2023 3 805
17 Nov. 2013 at 15:21
Hi there :D

Deletion


* Connect your external data sources to your PC (USB key, external hard drive, etc.) without opening them

* Launch USBFix (if you are on Windows Vista or Windows 7, do it with a right-click --> Run as administrator).

* Click on "Suppression" (Deletion)

* Let the tool work

* Your Desktop will disappear and then the computer will restart: this is normal

* At the end, the report will be displayed: post it in your next reply (it is also saved at the root of the hard drive)

0
moh2m Posts 12 Registration date Friday 15 November 2013 Status Member Last activity 17 November 2013
17 Nov. 2013 at 17:51
I did that and I get the two reports, the same as in my previous post.
Every time I transfer a file to my key, it shows up there as a shortcut, despite formatting my key.
Thanks in advance.

Here are the reports:
############################## | UsbFix V 7.150 | [Deletion]

User: Manet (Administrator) # MANET-PC
Updated 08/11/2013 by El Desaparecido - Team SosVirus
Started at 17:33:08 | 17/11/2013

Website : http://www.en.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: TOSHIBA (Portable PC)
CPU: AMD Athlon(tm) II P320 Dual-Core Processor
RAM -> [Total : 2811 | Free : 1225]
Bios: Insyde Corp.
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 288 Gb (78 Mb free - 27%) [TI105846W0F] # NTFS
D:\ -> CD-ROM
H:\ -> Removable drive # 977 Mb (901 Mb free - 92%) [USB 2000] # FAT32

################## | Stopped processes |

Stopped! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1360 |ParentID: 684)
Stopped! C:\Program Files\Alwil Software\Avast5\avastui.exe (ID: 4228 |ParentID: 4164)
Stopped! C:\windows\explorer.exe (ID: 2356 |ParentID: 644)
Stopped! C:\windows\System32\WUDFHost.exe (ID: 1068 |ParentID: 384)
Stopped! C:\windows\System32\rundll32.exe (ID: 6216 |ParentID: 792)
Stopped! C:\windows\system32\SearchIndexer.exe (ID: 5692 |ParentID: 684)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 188 |ParentID: 684)
Stopped! C:\windows\system32\DllHost.exe (ID: 7296 |ParentID: 792)
Stopped! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1368 |ParentID: 684)
Stopped! C:\Program Files\Internet Explorer\iexplore.exe (ID: 1192 |ParentID: 7808)
Stopped! C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 4284 |ParentID: 1192)
Stopped! C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe (ID: 6376 |ParentID: 792)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 4280 |ParentID: 684)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 7664 |ParentID: 4280)
Stopped! C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6560 |ParentID: 2356)
Stopped! C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 7784 |ParentID: 6560)
Stopped! C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1444 |ParentID: 6560)
Stopped! C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4356 |ParentID: 6560)
Stopped! C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5672 |ParentID: 6560)
Stopped! C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1488 |ParentID: 6560)
Stopped! C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6984 |ParentID: 6560)
Stopped! C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4408 |ParentID: 6560)
Stopped! C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6440 |ParentID: 6560)
Stopped! C:\Users\Manet\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 7036 |ParentID: 6560)
Stopped! C:\windows\system32\SearchProtocolHost.exe (ID: 5184 |ParentID: 5692)
Stopped! C:\windows\system32\SearchFilterHost.exe (ID: 6508 |ParentID: 5692)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [NortonOnlineBackupReminder] - "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
04 - HKLM\SOFTWARE | Run : [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [NortonOnlineBackupReminder] - "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
04 - HKLM\SOFTWARE\wow6432Node | Run : [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
04 - HKLM\SOFTWARE | RunOnce : [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [] -
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [RoboForm] - "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [Google Update] - "C:\Users\Manet\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [DriverTurbo] - C:\Program Files (x86)\DriverTurbo\DriverTurbo.exe
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [Akamai NetSession Interface] - "C:\Users\Manet\AppData\Local\Akamai\netsession_win.exe"
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [VoipCheapCom] - "C:\Program Files (x86)\VoipCheapCom.com\VoipCheapCom\voipcheapcom.exe" -nosplash -minimized
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [SalaatTime] - C:\Program Files (x86)\Salaat Time\SalaatTime.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Generic Research |

Deleted ! H:\R+3.lnk
Deleted ! H:\RDC.lnk
Deleted ! H:\structurelle.lnk
Deleted ! H:\atelier_mohamed_sketsha.lnk
Deleted ! H:\Fonctionnelle-1.lnk
Deleted ! H:\Fonctionnelle-2.lnk
Deleted ! H:\Fonctionnelle-3.lnk
Deleted ! H:\formelle.lnk
Deleted ! H:\R+1.lnk
Deleted ! H:\.lnk
Deleted ! H:\.Trashes.lnk
Deleted ! H:\.Spotlight-V100.lnk
Deleted ! H:\iTunesHelper.vbe

(!) Temporary files deleted.

################## | Reference of comparison MD5 |

Md5 : 915E8D8F3A79C35D997D9BB4283DBDF0 -> H:\iTunesHelper.vbe

################## | Comparison MD5 |


################## | Registry |


################## | Listing |

[21/12/2012 - 02:23:32 | SHD ] C:\$Recycle.Bin
[09/10/2013 - 08:23:06 | D ] C:\48a1edb66f65c718af
[09/01/2013 - 00:16:17 | N | 222041] C:\adorage-protocol.txt
[15/11/2013 - 21:38:51 | D ] C:\AdwCleaner
[25/08/2011 - 19:30:16 | D ] C:\Anuman Interactive
[01/03/2013 - 00:07:16 | D ] C:\Autodesk
[04/04/2010 - 06:22:25 | SHD ] C:\Boot
[14/07/2009 - 02:38:58 | RASH | 383562] C:\bootmgr
[04/04/2010 - 06:22:27 | RASH | 8192] C:\BOOTSECT.BAK
[16/11/2013 - 02:16:06 | HD ] C:\Config.Msi
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[27/02/2012 - 21:31:59 | D ] C:\Downloads
[06/02/2013 - 15:49:51 | D ] C:\drivers
[13/11/2013 - 19:39:58 | N | 906] C:\EamClean.log
[25/04/2012 - 20:54:22 | D ] C:\EES32
[18/09/2013 - 16:11:01 | D ] C:\extensions
[13/12/2012 - 22:23:49 | N | 17801] C:\find_installed_search_provider.log
[03/12/2011 - 16:12:46 | D ] C:\Firefox
[16/11/2013 - 09:43:33 | ASH | 2210578432] C:\hiberfil.sys
[03/05/2011 - 20:49:15 | D ] C:\Microgaming
[01/12/2006 - 23:37:14 | N | 904704] C:\msdia80.dll
[02/02/2011 - 00:36:18 | RHD ] C:\MSOCache
[17/11/2013 - 13:27:33 | ASH | 2947440640] C:\pagefile.sys
[19/04/2012 - 13:45:28 | D ] C:\PEB
[15/11/2013 - 21:35:13 | D ] C:\Program Files
[17/11/2013 - 13:06:39 | D ] C:\Program Files (x86)
[17/11/2013 - 13:43:46 | HD ] C:\ProgramData
[08/02/2011 - 00:46:46 | D ] C:\Skrabble
[14/11/2013 - 10:12:32 | SHD ] C:\System Volume Information
[17/11/2013 - 17:33:25 | D ] C:\UsbFix
[17/11/2013 - 17:23:51 | N | 12788] C:\UsbFix [Clean 1] MANET-PC.txt
[17/11/2013 - 17:29:20 | N | 8600] C:\UsbFix [Clean 2] MANET-PC.txt
[17/11/2013 - 17:46:17 | A | 9192] C:\UsbFix [Clean 3] MANET-PC.txt
[17/11/2013 - 14:12:06 | N | 3109] C:\UsbFix [Listing 1 ] MANET-PC.txt
[16/11/2013 - 00:53:00 | N | 13335] C:\UsbFix [Scan 1] MANET-PC.txt
[16/11/2013 - 01:26:28 | N | 9837] C:\UsbFix [Scan 2] MANET-PC.txt
[16/11/2013 - 02:00:07 | N | 9342] C:\UsbFix [Scan 3] MANET-PC.txt
[17/11/2013 - 14:05:00 | N | 12537] C:\UsbFix [Scan 4] MANET-PC.txt
[17/11/2013 - 14:29:43 | N | 9803] C:\UsbFix [Scan 5] MANET-PC.txt
[11/04/2012 - 21:24:39 | N | 1573] C:\user.js
[01/02/2011 - 20:51:55 | RD ] C:\Users
[08/10/2011 - 19:43:44 | D ] C:\wamp
[12/11/2013 - 21:49:53 | D ] C:\Windows
[14/11/2013 - 13:34:14 | N | 39338] H:\R+3.png
[14/11/2013 - 13:34:24 | N | 71265] H:\RDC.png
[14/11/2013 - 13:33:06 | N | 632664] H:\structurelle.jpg
[14/11/2013 - 15:16:08 | N | 4252102] H:\atelier_mohamed_sketsha.sketch
[14/11/2013 - 13:32:20 | N | 1140702] H:\Fonctionnelle-1.jpg
[14/11/2013 - 13:35:44 | N | 657891] H:\Fonctionnelle-2.jpg
[14/11/2013 - 13:32:34 | N | 737079] H:\Fonctionnelle-3.jpg
[14/11/2013 - 13:35:28 | N | 989065] H:\formelle.jpg
[14/11/2013 - 13:34:04 | N | 60724] H:\R+1.png
[14/11/2013 - 13:39:44 | SH | 4096] H:\._.Trashes
[14/11/2013 - 13:39:44 | SHD ] H:\.Trashes
[14/11/2013 - 13:39:44 | SHD ] H:\.Spotlight-V100

################## | Vaccin |

H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |



and also
############################## | UsbFix V 7.150 | [Deletion]

User: Manet (Administrator) # MANET-PC
Updated 08/11/2013 by El Desaparecido - Team SosVirus
Started at 17:27:23 | 17/11/2013

Website : http://www.en.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: TOSHIBA (Portable PC)
CPU: AMD Athlon(tm) II P320 Dual-Core Processor
RAM -> [Total : 2811 | Free : 1489]
Bios: Insyde Corp.
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 288 Gb (78 Mb free - 27%) [TI105846W0F] # NTFS
D:\ -> CD-ROM

################## | Stopped processes |

Stopped! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1360 |ParentID: 684)
Stopped! C:\Program Files\Alwil Software\Avast5\avastui.exe (ID: 4228 |ParentID: 4164)
Stopped! C:\windows\explorer.exe (ID: 5032 |ParentID: 644)
Stopped! C:\windows\System32\rundll32.exe (ID: 3668 |ParentID: 792)
Stopped! C:\windows\system32\SearchIndexer.exe (ID: 5836 |ParentID: 684)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 936 |ParentID: 684)
Stopped! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 5368 |ParentID: 684)
Stopped! C:\Program Files\Internet Explorer\iexplore.exe (ID: 7504 |ParentID: 4696)
Stopped! C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 3288 |ParentID: 7504)
Stopped! C:\windows\system32\DllHost.exe (ID: 4932 |ParentID: 792)
Stopped! C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe (ID: 3560 |ParentID: 792)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 3520 |ParentID: 684)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 4128 |ParentID: 3520)
Stopped! c:\program files\windows defender\MpCmdRun.exe (ID: 7840 |ParentID: 4248)
Stopped! C:\windows\system32\SearchProtocolHost.exe (ID: 3440 |ParentID: 5836)
Stopped! C:\windows\system32\SearchFilterHost.exe (ID: 7564 |ParentID: 5836)
Stopped! C:\windows\System32\WUDFHost.exe (ID: 3128 |ParentID: 384)
Stopped! C:\Users\Manet\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 3144 |ParentID: 792)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [NortonOnlineBackupReminder] - "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
04 - HKLM\SOFTWARE | Run : [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [NortonOnlineBackupReminder] - "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
04 - HKLM\SOFTWARE\wow6432Node | Run : [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
04 - HKLM\SOFTWARE | RunOnce : [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [] -
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [RoboForm] - "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [Google Update] - "C:\Users\Manet\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [DriverTurbo] - C:\Program Files (x86)\DriverTurbo\DriverTurbo.exe
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [Akamai NetSession Interface] - "C:\Users\Manet\AppData\Local\Akamai\netsession_win.exe"
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [VoipCheapCom] - "C:\Program Files (x86)\VoipCheapCom.com\VoipCheapCom\voipcheapcom.exe" -nosplash -minimized
04 - HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\SOFTWARE | Run : [SalaatTime] - C:\Program Files (x86)\Salaat Time\SalaatTime.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Generic Research |


(!) Temporary files deleted.

################## | Registry |

Deleted ! HKU\S-1-5-21-1423031598-3872970482-3429475380-1000\Software\.\.\.\.\Mountpoints2\{fa09fa70-2e53-11e0-8c5c-00266c8548ba}

################## | Listing |

[21/12/2012 - 02:23:32 | SHD ] C:\$Recycle.Bin
[09/10/2013 - 08:23:06 | D ] C:\48a1edb66f65c718af
[09/01/2013 - 00:16:17 | N | 222041] C:\adorage-protocol.txt
[15/11/2013 - 21:38:51 | D ] C:\AdwCleaner
[25/08/2011 - 19:30:16 | D ] C:\Anuman Interactive
[01/03/2013 - 00:07:16 | D ] C:\Autodesk
[04/04/2010 - 06:22:25 | SHD ] C:\Boot
[14/07/2009 - 02:38:58 | RASH | 383562] C:\bootmgr
[04/04/2010 - 06:22:27 | RASH | 8192] C:\BOOTSECT.BAK
[16/11/2013 - 02:16:06 | HD ] C:\Config.Msi
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[27/02/2012 - 21:31:59 | D ] C:\Downloads
[06/02/2013 - 15:49:51 | D ] C:\drivers
[13/11/2013 - 19:39:58 | N | 906] C:\EamClean.log
[25/04/2012 - 20:54:22 | D ] C:\EES32
[18/09/2013 - 16:11:01 | D ] C:\extensions
[13/12/2012 - 22:23:49 | N | 17801] C:\find_installed_search_provider.log
[03/12/2011 - 16:12:46 | D ] C:\Firefox
[16/11/2013 - 09:43:33 | ASH | 2210578432] C:\hiberfil.sys
[03/05/2011 - 20:49:15 | D ] C:\Microgaming
[01/12/2006 - 23:37:14 | N | 904704] C:\msdia80.dll
[02/02/2011 - 00:36:18 | RHD ] C:\MSOCache
[17/11/2013 - 13:27:33 | ASH | 2947440640] C:\pagefile.sys
[19/04/2012 - 13:45:28 | D ] C:\PEB
[15/11/2013 - 21:35:13 | D ] C:\Program Files
[17/11/2013 - 13:06:39 | D ] C:\Program Files (x86)
[17/11/2013 - 13:43:46 | HD ] C:\ProgramData
[08/02/2011 - 00:46:46 | D ] C:\Skrabble
[14/11/2013 - 10:12:32 | SHD ] C:\System Volume Information
[17/11/2013 - 17:27:45 | D ] C:\UsbFix
[17/11/2013 - 17:23:51 | N | 12788] C:\UsbFix [Clean 1] MANET-PC.txt
[17/11/2013 - 17:28:47 | A | 7785] C:\UsbFix [Clean 2] MANET-PC.txt
[17/11/2013 - 14:12:06 | N | 3109] C:\UsbFix [Listing 1 ] MANET-PC.txt
[16/11/2013 - 00:53:00 | N | 13335] C:\UsbFix [Scan 1] MANET-PC.txt
[16/11/2013 - 01:26:28 | N | 9837] C:\UsbFix [Scan 2] MANET-PC.txt
[16/11/2013 - 02:00:07 | N | 9342] C:\UsbFix [Scan 3] MANET-PC.txt
[17/11/2013 - 14:05:00 | N | 12537] C:\UsbFix [Scan 4] MANET-PC.txt
[17/11/2013 - 14:29:43 | N | 9803] C:\UsbFix [Scan 5] MANET-PC.txt
[11/04/2012 - 21:24:39 | N | 1573] C:\user.js
[01/02/2011 - 20:51:55 | RD ] C:\Users
[08/10/2011 - 19:43:44 | D ] C:\wamp
[12/11/2013 - 21:49:53 | D ] C:\Windows

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
0
lilidurhone Posts 43343 Registration date Monday 25 April 2011 Status Security contributor Last activity 18 September 2023 3 805
17 Nov. 2013 at 17:54
It should be fine now, normally?
0
moh2m Posts 12 Registration date Friday 15 November 2013 Status Member Last activity 17 November 2013
17 Nov. 2013 at 18:04
I don't have any shortcuts on my USB sticks now.

Thank you, thank you, thank you very much.
0