Pc sous W7 ouverture tres longueRésolu/Fermé

Question

bonjour jai mon pc sous w7 qui est tres long au demarrage environ 15mn et je narrive pas a lancer  avira et makwareytes merci pour votre aide je suis en thailande et mon pc est en anglais merci pour votre aide.

cabrier · Answer

phk30,


Essaie d'abord ceci :


Ton PC est vraisemblablement infecté par des logiciels publicitaires.
Pour t'en débarrasser commence par faire ce qui suit :


Utilise AdwCleaner (développé par Xplode) qui est un outil de désinfection spécifique aux logiciels publicitaires : 

*Sur ce tutoriel https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= tu trouveras le lien pour le télécharger et comment l'utiliser.

* Une fois téléchargé et lancé (clic droit : "Exécuter en tant qu'administrateur") clique sur [Scanner], laisse l'outil travailler.

* Lorsque le scan est terminé, dans les différents onglets apparaissent les infections trouvées.

* Clique sur l'onglet [Nettoyer], tous les éléments infectieux trouvés vont être supprimés.

* Clique sur [Rapport], le rapport apparait, tu peux le copier/coller dans ta prochaine réponse. 
Sinon héberge le sur :
cijoint ou  pjoint ou Up2Share et transmet moi le lien obtenu.


-----------------------------------------
 * Une fois AdwCleaner utilisé et posté son rapport :

Utilise cet autre outil pour  vérification :

Junkware Removal Tool et poste le rapport : http://www.forum-entraide-informatique.com/support/junkware-removal-tool-tutoriel-t8260.html 



A+

phk30 · Answer

Je répond avec mon mobile j'ai essayer de télécharger mais le pc c'est bloqué alors j'ai éteint et démarrer en sans échec j'essaye un malware bytes et poste le rapport ensuite je vais essayer de faire le téléchargement et vous préciserai la fenêtre qui s'ouvre et m'indique le problème. Merci pour votre réponse rapide.

phk30 · Answer

adwcleaner est telecharger mais une fenetre souvre User account control qui dit Do you want to allow the program from the following program from a unknow publisher to make to this computer yes or no quand je clic sur yes l ecran se grise et le programme ne souvre pas cest la meme chose pour malware et avira dois vraiment essayer en mode sans echec

cabrier · Answer

pk30 tu l'as lancé en mode administrateur ou en mode sans échec ?

Ton antivirus c'est Avast ?

A+

 
 
--------Contributeur Sécurité---------
Heureux ceux qui peuvent donner sans s'en souvenir et prendre sans oublier !

phk30 · Answer

# AdwCleaner v3.022 - Report created 16/03/2014 at 15:32:32
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Win7_64 - GFHISYJQMFN45DX
# Running from : C:\Users\Win7_64\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\baidu
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\RegClean
Folder Deleted : C:\ProgramData\wincert
Folder Deleted : C:\Program Files (x86)\baidu
Folder Deleted : C:\Program Files (x86)\Movies Toolbar
Folder Deleted : C:\Users\Win7_64\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Win7_64\AppData\Local\iLivid
Folder Deleted : C:\Users\Win7_64\AppData\Local\ilividmoviestoolbarha
Folder Deleted : C:\Users\Win7_64\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Win7_64\AppData\LocalLow\ilividmoviestoolbarha
Folder Deleted : C:\Users\Win7_64\AppData\LocalLow\Minibar
Folder Deleted : C:\Users\Win7_64\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Win7_64\AppData\Roaming\baidu
Folder Deleted : C:\Users\Win7_64\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\ilividmoviestoolbarha
Folder Deleted : C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\Smartbar
Folder Deleted : C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\CT3289075
Folder Deleted : C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\Extensions\{3d86a75b-cb6b-4764-885d-ca6336f04ba2}
Folder Deleted : C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
Folder Deleted : C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
File Deleted : C:\Users\Public\Desktop\iLivid.lnk
File Deleted : C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\invalidprefs.js
File Deleted : C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\searchplugins\Ask.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
File Deleted : C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ext@bettersurfplus.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	bdelta.exetoolbar783881609.exe
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Popajar
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKCU\Software\SmileysWeLove
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\BetterSurf
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN64C~1.DLL
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll

***** [ Browsers ] *****

-\ Internet Explorer v8.0.7601.17514


-\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\prefs.js ]

Line Deleted : user_pref("CT3289075.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289075.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289075.FirstTime", "true");
Line Deleted : user_pref("CT3289075.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3289075.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3289075.SF_JUST_INSTALLED", "%CC%C7%D2%D9%CB");
Line Deleted : user_pref("CT3289075.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3289075.SF_USER_ID", "%E9%EF%EA%E5%B7%BE%B7%B8%B8%B6%B7%B9%B7%BA%B7%B7%BB%B8%BC%BD%BB%BC%BF%BC%B9");
Line Deleted : user_pref("CT3289075.SF_USER_ID.enc", "Y2lkXzE4MTIyMDEzMTQxMTUyNjc1Njk2Mw==");
Line Deleted : user_pref("CT3289075.UserID", "UN11074005932702424");
Line Deleted : user_pref("CT3289075._key_cl_active", "%EB%BE%BF%E9%B7%BE%EB%BD%B3%B9%BE%E7%E8%B3%BA%E9%B8%B6%B3%BF%BD%E7%B7%B3%BA%EB%BD%E9%BF%BF%BB%E9%E9%B7%B7%E9");
Line Deleted : user_pref("CT3289075._key_cl_active.enc", "ZTg5YzE4ZTctMzhhYi00YzIwLTk3YTEtNGU3Yzk5NWNjMTFj");
Line Deleted : user_pref("CT3289075.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3289075.cb_user_id_000", "%C9%C8%BF%BB%B6%B7%BE%B8%B6%B7%B9%B9%BA%BF%E5%B7%B9%BE%BB%B7%BF%B6%BF%BD%BF%B6%B6%B6%E5%CC%EF%F8%EB%EC%F5%FE");
Line Deleted : user_pref("CT3289075.cb_user_id_000.enc", "Q0I5NTAxODIwMTMzNDlfMTM4NTE5MDk3OTAwMF9GaXJlZm94");
Line Deleted : user_pref("CT3289075.cbfirsttime", "%CC%F8%EF%A6%D4%F5%FC%A6%B6%BE%A6%B8%B6%B7%B9%A6%B6%B6%C0%B8%BB%C0%B9%BB%A6%CD%D3%DA%B1%B6%BD%B6%B6%A6%AE%D9%CB%A6%C7%F9%EF%E7%A6%D9%FA%E7%F4%EA%E7%F8%EA%A6%DA%EF%F[...]
Line Deleted : user_pref("CT3289075.cbfirsttime.enc", "RnJpIE5vdiAwOCAyMDEzIDAwOjI1OjM1IEdNVCswNzAwIChTRSBBc2lhIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT3289075.countryCode", "TH");
Line Deleted : user_pref("CT3289075.embeddedsData", "[{\"appId\":\"130064539389933152\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3289075.enableAlerts", "always");
Line Deleted : user_pref("CT3289075.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3289075.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT3289075.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3289075.fullUserID", "UN11074005932702424.IN.20131108000849");
Line Deleted : user_pref("CT3289075.installType", "DirectDownload");
Line Deleted : user_pref("CT3289075.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3289075.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289075.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3289075.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3289075.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289075.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3289075&octid=CT3289075&SearchSource=15&CUI=UN11074005932702424&SSPV=&Lay=1&UM=1\"}");
Line Deleted : user_pref("CT3289075.lastVersion", "10.20.0.513");
Line Deleted : user_pref("CT3289075.mam_gk_appStateReportTime", "%B7%B9%BE%BD%B9%BB%B6%BD%B6%BD%BC%B8%BA");
Line Deleted : user_pref("CT3289075.mam_gk_appStateReportTime.enc", "MTM4NzM1MDcwNzYyNA==");
Line Deleted : user_pref("CT3289075.mam_gk_appState_Clarity_Active", "%F5%F4");
Line Deleted : user_pref("CT3289075.mam_gk_appState_Clarity_Active.enc", "b24=");
Line Deleted : user_pref("CT3289075.mam_gk_appState_CouponBuddy", "%F5%F4");
Line Deleted : user_pref("CT3289075.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3289075.mam_gk_appState_Easytobook", "%F5%F4");
Line Deleted : user_pref("CT3289075.mam_gk_appState_Easytobook.enc", "b24=");
Line Deleted : user_pref("CT3289075.mam_gk_appState_Easytobook_targeted", "%F5%F4");
Line Deleted : user_pref("CT3289075.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Deleted : user_pref("CT3289075.mam_gk_appState_PriceGong", "%F5%F4");
Line Deleted : user_pref("CT3289075.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3289075.mam_gk_appState_WindowShopper", "%F5%F4");
Line Deleted : user_pref("CT3289075.mam_gk_appState_WindowShopper.enc", "b24=");
Line Deleted : user_pref("CT3289075.mam_gk_appsConfig.enc", "eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJDbGFyaXR5X0FjdGl2ZSIsInVybCI6Imh0dHA6Ly9zdG9yYWdlLmNvbmR1aXQuY29tL21hbS8zcmRwYXJ0eWFwcHMvY2xhcml0eVJheS9jcl9hY3Rpdm[...]
Line Deleted : user_pref("CT3289075.mam_gk_appsDefaultEnabled", "%F4%FB%F2%F2");
Line Deleted : user_pref("CT3289075.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3289075.mam_gk_calledSetupService", "%B7");
Line Deleted : user_pref("CT3289075.mam_gk_calledSetupService.enc", "MQ==");
Line Deleted : user_pref("CT3289075.mam_gk_currentVersion", "%B7%B4%B7%B8%B4%B6%B4%BB");
Line Deleted : user_pref("CT3289075.mam_gk_currentVersion.enc", "MS4xMi4wLjU=");
Line Deleted : user_pref("CT3289075.mam_gk_existingUsersRecoveryDone", "%B7");
Line Deleted : user_pref("CT3289075.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Deleted : user_pref("CT3289075.mam_gk_first_time", "%B7");
Line Deleted : user_pref("CT3289075.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3289075.mam_gk_installer_preapproved.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3289075.mam_gk_lastLoginTime", "%B7%B9%BE%BD%B9%BB%B6%BD%B6%BE%BD%B7%BE");
Line Deleted : user_pref("CT3289075.mam_gk_lastLoginTime.enc", "MTM4NzM1MDcwODcxOA==");
Line Deleted : user_pref("CT3289075.mam_gk_localization.enc", "eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXHJcbm9mIHRoZSBkYXkifSwiZG1ib3gyIjp7IlRleHQiOiJGcmVlXHJcblNoaXBtZW50In0sImRtYnVsbGV0MSI6[...]
Line Deleted : user_pref("CT3289075.mam_gk_mamEnabled", "%EC%E7%F2%F9%EB");
Line Deleted : user_pref("CT3289075.mam_gk_mamEnabled.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3289075.mam_gk_new_welcome_experience", "%B7");
Line Deleted : user_pref("CT3289075.mam_gk_new_welcome_experience.enc", "MQ==");
Line Deleted : user_pref("CT3289075.mam_gk_pgUnloadedOnce", "%FA%F8%FB%EB");
Line Deleted : user_pref("CT3289075.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3289075.mam_gk_settings1.12.0.5", "%u0101%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0%u0101%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%B[...]
Line Deleted : user_pref("CT3289075.mam_gk_settings1.12.0.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzEyMTgiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6Ijg0XzAiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5[...]
Line Deleted : user_pref("CT3289075.mam_gk_showWelcomeGadget", "%EC%E7%F2%F9%EB");
Line Deleted : user_pref("CT3289075.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3289075.mam_gk_stamp", "%BE%BA%E5%B6");
Line Deleted : user_pref("CT3289075.mam_gk_stamp.enc", "ODRfMA==");
Line Deleted : user_pref("CT3289075.mam_gk_userId", "%B7%BD%B8%B8%E9%E7%BF%EB%B3%B6%B6%E7%BC%B3%BA%BA%EA%E9%B3%E7%BE%B9%BF%B3%BF%BB%B6%BE%E9%E9%E7%BF%EA%E8%EB%EC");
Line Deleted : user_pref("CT3289075.mam_gk_userId.enc", "MTcyMmNhOWUtMDBhNi00NGRjLWE4MzktOTUwOGNjYTlkYmVm");
Line Deleted : user_pref("CT3289075.mam_gk_user_approval_interacted", "%B7");
Line Deleted : user_pref("CT3289075.mam_gk_user_approval_interacted.enc", "MQ==");
Line Deleted : user_pref("CT3289075.mam_gk_welcomeDialogMode", "%B7");
Line Deleted : user_pref("CT3289075.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Deleted : user_pref("CT3289075.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://uTorrentControlv6.OurToolbar.com/\",\"[...]
Line Deleted : user_pref("CT3289075.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3289075.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3289075.search.searchAppId", "130064539389933152");
Line Deleted : user_pref("CT3289075.search.searchCount", "0");
Line Deleted : user_pref("CT3289075.searchFromAddressBarEnabledByUser", "false");
Line Deleted : user_pref("CT3289075.searchInNewTabEnabledByUser", "false");
Line Deleted : user_pref("CT3289075.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3289075.searchSuggestEnabledByUser", "false");
Line Deleted : user_pref("CT3289075.searchUserMode", "1");
Line Deleted : user_pref("CT3289075.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289075.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289075.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\"}");
Line Deleted : user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3289075\"}");
Line Deleted : user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv6.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v6 \"}");
Line Deleted : user_pref("CT3289075.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289075.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3289075.serviceLayer_services_Configuration_lastUpdate", "1387350608325");
Line Deleted : user_pref("CT3289075.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1387350609050");
Line Deleted : user_pref("CT3289075.serviceLayer_services_appsMetadata_lastUpdate", "1387350608281");
Line Deleted : user_pref("CT3289075.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1387350609349");
Line Deleted : user_pref("CT3289075.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1387350609572");
Line Deleted : user_pref("CT3289075.serviceLayer_services_searchAPI_lastUpdate", "1387350611508");
Line Deleted : user_pref("CT3289075.serviceLayer_services_serviceMap_lastUpdate", "1387350605871");
Line Deleted : user_pref("CT3289075.serviceLayer_services_setupAPI_lastUpdate", "1387350611174");
Line Deleted : user_pref("CT3289075.serviceLayer_services_toolbarContextMenu_lastUpdate", "1387350609222");
Line Deleted : user_pref("CT3289075.serviceLayer_services_toolbarSettings_lastUpdate", "1387350609720");
Line Deleted : user_pref("CT3289075.serviceLayer_services_translation_lastUpdate", "1387350667146");
Line Deleted : user_pref("CT3289075.settingsINI", true);
Line Deleted : user_pref("CT3289075.showToolbarPermission", "false");
Line Deleted : user_pref("CT3289075.smartbar.CTID", "CT3289075");
Line Deleted : user_pref("CT3289075.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3289075.smartbar.toolbarName", "uTorrentControl_v6 ");
Line Deleted : user_pref("CT3289075.toolbarBornServerTime", "23-11-2013");
Line Deleted : user_pref("CT3289075.toolbarCurrentServerTime", "23-11-2013");
Line Deleted : user_pref("CT3289075.toolbarLoginClientTime", "Wed Dec 18 2013 14:10:06 GMT+0700 (SE Asia Standard Time)");
Line Deleted : user_pref("CT3289075_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1388246083830,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("extensions.kango.storage.minibar.config", "{\"name\":\"Hao123 toolbar\",\"description\":\"Hao123 toolbar\",\"button\":{\"tooltip\":\"Search\",\"icon\":\"hxxp://www.bigspeedpro.com/button/%a[...]
Line Deleted : user_pref("extensions.kango.storage.minibar.homepageSet", "\"1\"");
Line Deleted : user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAAED0lEQVQ4ja3MTU+TBwDA8X4Ij7pEDDqUqDHb3FzmoRqjyaaZS4wuJh7U7WCiJFMRKDqth[...]
Line Deleted : user_pref("smartbar.machineId", "CDDGPEB7OQRZW2VEDXIJMQSCTKJF0BJLSLFDV6OIOLTIMXHC+R0VV3T4CCB9NDYZ2TSQJT/BHGKX6D7EKBOBJW");

-\ Google Chrome v

[ File : C:\Users\Win7_64\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [23144 octets] - [16/03/2014 15:29:11]
AdwCleaner[S0].txt - [23059 octets] - [16/03/2014 15:32:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23120 octets] ##########

phk30 · Answer

antivirus avira, adwcleaner lance en mode sans echec

cabrier · Answer

phk30,


Ok très bien,


Tu fais le JRT maintenant ! 
 https://forums.commentcamarche.net/forum/affich-29887615-pc-sous-w7-ouverture-tres-longue#1

phk30 · Answer

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x64
Ran by Win7_64 on Sun 03/16/2014 at 16:40:41.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\apntbmon
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r974-n-bc_2_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r974-n-bc_2_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r974-n-bc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r974-n-bc_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup_C-r834-t-bf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup_C-r834-t-bf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup_D-r834-t-bf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup_D-r834-t-bf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SetupDataMngr_iLivid_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SetupDataMngr_iLivid_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r974-n-bc_2_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r974-n-bc_2_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r974-n-bc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r974-n-bc_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup_C-r834-t-bf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup_C-r834-t-bf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup_D-r834-t-bf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup_D-r834-t-bf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_iLivid_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_iLivid_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{54BB0F59-14C2-4485-98DA-67D0B3C6E9B3}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Win7_64\AppData\Roaming	hinstall"
Successfully deleted: [Folder] "C:\Users\Win7_64\appdata\local	hinstall"
Successfully deleted: [Folder] "C:\Users\Win7_64\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\smarttweak"
Successfully deleted: [Folder] "C:\Users\Win7_64\AppData\Roaming\microsoft\windows\start menu\programs\smarttweak software"
Successfully deleted: [Empty Folder] C:\Users\Win7_64\appdata\local\{01A9A56E-1E4D-4C3F-9DED-F6B6CF39F91C}
Successfully deleted: [Empty Folder] C:\Users\Win7_64\appdata\local\{4416042B-6295-42FB-9822-875178DFC436}
Successfully deleted: [Empty Folder] C:\Users\Win7_64\appdata\local\{66854554-BCE2-48D1-82B8-1DEEAB94A5BC}
Successfully deleted: [Empty Folder] C:\Users\Win7_64\appdata\local\{6F94FF7D-2030-4D90-9ABB-8BF94503E9B1}
Successfully deleted: [Empty Folder] C:\Users\Win7_64\appdata\local\{89818154-7B49-4FF6-991C-2739227D4825}
Successfully deleted: [Empty Folder] C:\Users\Win7_64\appdata\local\{955E3D87-D4AC-4374-9355-3220688650EF}
Successfully deleted: [Empty Folder] C:\Users\Win7_64\appdata\local\{A644D58A-CF4A-4E8A-8E02-882C74BF7D0B}
Successfully deleted: [Empty Folder] C:\Users\Win7_64\appdata\local\{DF32B142-DCC3-48E3-A124-F67F80E03DFF}



~~~ FireFox

Emptied folder: C:\Users\Win7_64\AppData\Roaming\mozilla\firefox\profiles
kailokn.default\minidumps [5 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Win7_64\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/16/2014 at 16:43:28.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

cabrier · Answer

Bien, le nettoyage continue !


* Télécharge Malwaresbytes anti malware 

* Installe le (choisis bien "français" ; ne modifie pas les paramètres d'installation ) et mets le à jour .
* Tu as un tuto si tu en as besoin : tuto

* Avant de lancer le programme Déconnecte toi d'Internet et ferme toutes tes applications.

* /I\ Sous Vista ou Seven ---> clic droit "Exécuter en tant qu'administrateur"/I\
* Clique sur l'onglet "Mise à jour" si celle ci ne t'a pas été proposée lors de l'installation.
* Clique ensuite sur l'onglet "Recherche" puis coche "Exécuter un examen Complet"
* Le scan peut durer plusieurs heures, aussi ne t'impatiente pas et laisse tourner le programme sans rien faire d'autre sur ta machine.
* Lorsque le scan est terminé clique sur "Afficher les résultats"
* Vérifie que toutes les lignes des objets infectés soient cochées, puis clique sur "Supprimer la sélection"

PS : Redémarre ta machine pour achever le nettoyage.

* Enregistre-le rapport de Suppression (onglet "rapport/log", le dernier en date) dans un endroit approprié pour le retrouver et héberge-le sur cijoint ou  pjoint

*  Envoie-moi le lien fourni dans ta prochaine réponse.

A+

----------------------------------------------
MBAM PLANTE OU PAS MIS A JOUR /

* Si tu n'arrive pas à mettre MBAM à jour, télécharge ce fichier :
http://data.mbamupdates.com/tools/mbam-rules.exe , ferme MBAM, et exécute le

1) Si MBAM plante :
Démarre en Mode sans échec avec prise en charge réseau  
* Pour cela, tu tapotes la touche F8 dès le début de l'allumage du pc sans t'arrêter 
* Une fenêtre va s'ouvrir tu te déplaces avec les flèches du clavier sur >> démarrer en Mode sans échec avec prise en charge réseau puis tape entrée. 
* Une fois sur le bureau s'il n'y a pas toutes les couleurs et autres c'est normal! 
(Si F8 ne marche pas utilise la touche F5) 
2/ Ensuite 
Lance Malwarebytes comme déjà expliqué et poste le rapport stp

phk30 · Answer

scan mbam en cours depuis 45mn,je vous poste le rapport ensuite merci a bientot

phk30 · Answer

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.16.02

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Win7_64 :: GFHISYJQMFN45DX [administrator]

16/3/2557 17:40:59
mbam-log-2014-03-16 (17-40-59).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 425166
Time elapsed: 45 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} (PUP.Optional.SmileysWeLove.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|ext@WebexpEnhancedV1alpha643.net (PUP.Optional.WebExpEnhanced.A) -> Data: C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha643\ff -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 34
C:\AdwCleaner\Quarantine\C\Users\Win7_64\AppData\Local\Bundled software uninstaller\biSetup15314.exe.vir (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\IDM\DwnlData\Win7_64\www_01net_com_403\www_01net_com (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF10.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF11.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF12.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF13.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF14.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF15.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF16.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF17.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF18.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF19.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF2.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF20.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF21.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF22.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF23.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF24.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF25.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF26.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF27.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF4.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF5.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF6.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF7.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF8.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\AppData\Roaming\Mozilla\Firefox\Profiles
kailokn.default\extensions\{8B7392AD-5489-9CED-73C1-FB2B374867EC}\components\DatamngrHlpFF9.dll (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\Downloads\Skillpbfree v9.rar (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\Win7_64\Downloads\Compressed\Skillpbfree v9.rar (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\Win7_64\Downloads\Programs\FLVPlayerSetup-8KxGLObN.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\Downloads\Programs\FLVPlayerSetup-8KxGLObN_2.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\Downloads\Programs\FreeZipSetup-bB0pds2T.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\Win7_64\Downloads\Programs\Offercast2802_AVR3V6_2.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
D:\New folder (5)\Fairy-On-Ice_downloader.exe (PUP.Optional.YourfileDownloader) -> Quarantined and deleted successfully.

(end)

phk30 · Answer

je suis actuellement en mode sans echec sur le net, le pc est encore tres long a ouvrir merci

cabrier · Answer

phk30,

Avant de faire un scan complet de ton PC et voir ce qui reste.

Tu vas faire ceci :

Télécharge sur le bureau Roguekiller (by tigzy)
Choisis la version correspondant à ta machine (x64 si 64 bits)
*    Quitte tous les programmes en cours
*    Lance RogueKiller.exe.
*    Attends que le Prescan ait fini ...
Une fenêtre apparait sur l'accord de licence "Accepte"
*    Clique sur Scan.

Clique sur Rapport et copie/colle le contenu du notepad

(le rapport est également sur le bureau)

* Si le programme a été bloqué, ne pas hésiter à essayer plusieurs fois, ou renomme le en winlogon.exe 

Et si ça ne marche toujours pas , lance le en mode sans échec avec prise en charge du réseau.
====================
Aide ici : https://www.malekal.com/demarrer-windows-mode-sans-echec/

A+

phk30 · Answer

RogueKiller V8.8.11 [Mar 14 2014] par Adlice Software mail : https://www.adlice.com/contact/ Remontees : https://forum.adlice.com/ Site Web : http://www.surlatoile.org/RogueKiller/ Blog : https://www.adlice.com/ Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Demarrage : Mode sans echec avec prise en charge reseau Utilisateur : Win7_64 [Droits d'admin] Mode : Suppression -- Date : 16/03/2014 19:51:25 | ARK || FAK || MBR | ¤¤¤ Processus malicieux : 0 ¤¤¤ ¤¤¤ Entrees de registre : 17 ¤¤¤ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> SUPPRIMÉ [IFEO] HKLM\[...]\bpsvc.exe : Debugger (tasklist.exe [x]) -> SUPPRIMÉ [IFEO] HKLM\[...]\browsersafeguard.exe : Debugger (tasklist.exe [x]) -> SUPPRIMÉ [IFEO] HKLM\[...]\protectedsearch.exe : Debugger (tasklist.exe [x]) -> SUPPRIMÉ [IFEO] HKLM\[...]\rjatydimofu.exe : Debugger (tasklist.exe [x]) -> SUPPRIMÉ [IFEO] HKLM\[...]\searchprotection.exe : Debugger (tasklist.exe [x]) -> SUPPRIMÉ [IFEO] HKLM\[...]\snapdo.exe : Debugger (tasklist.exe [x]) -> SUPPRIMÉ [IFEO] HKLM\[...]\stinst32.exe : Debugger (tasklist.exe [x]) -> SUPPRIMÉ [IFEO] HKLM\[...]\stinst64.exe : Debugger (tasklist.exe [x]) -> SUPPRIMÉ [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> SUPPRIMÉ [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0) [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0) [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0) [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0) [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0) [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0) ¤¤¤ Tâches planifiées : 0 ¤¤¤ ¤¤¤ Entrées Startup : 0 ¤¤¤ ¤¤¤ Navigateurs web : 0 ¤¤¤ ¤¤¤ Addons navigateur : 0 ¤¤¤ ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤ ¤¤¤ Ruches Externes: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: (\.\PHYSICALDRIVE0 @ IDE) HGST HTS541075A9E680 +++++ --- User --- [MBR] e0e9b1d55f1329f1b7cd187881402be2 [BSP] 5d772e10727e73a839699ec65e94b695 : MBR Code unknown Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 123979 Mo 1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 253913025 | Size: 591421 Mo User = LL1 ... OK! User = LL2 ... OK! Termine : << RKreport[0]_D_16032014_195125.txt >> RKreport[0]_S_03162014_194922.txt

cabrier · Answer

OK


Bon un scan complet,


mais désolé je ne te reprendrai qu'en fin d'a.m. !

Peux-tu utiliser ce logiciel de diagnostic, ça me permettra de t'aider :


* Télécharge >ZHPDiag< (de Nicolas Coolman) sur ton bureau,
/!\Il est très important de l'enregistrer sur le bureau / !\  
* Une fois le téléchargement achevé, double clique sur ZHPDiag.exe et laisse se dérouler l'installation
/!\L'outil a créé 2 icônes ZHPDiag , ZHPFix /!\
/!\Utilisateurs de Vista et Windows 7 : Clic droit sur le logo de ZHPDiag.exe, « exécuter en tant qu'Administrateur » /!\
* A l'ouverture le programme te proposes "Rechercher" et "Configurer" 

- Clique sur "Configurer"
* Des icônes apparaissent en bas de la fenêtre.  Clique sur le tournevis en bas à droite et choisis "Tous" puis "OK"

- Clique sur "Rechercher".
* ZHPDiag va alors analyser le contenu de ton ordinateur à la recherche d'informations sur ton système d'exploitation, la base de registre... Patiente jusqu'à la fin de l'analyse. Il peut arriver que le logiciel donne l'impression d'être bloqué ; patiente !
* Laisse l'outil travailler, il peut être assez long. 
* Le rapport s'ouvre dans le bloc note, ferme le car il est aussi enregistré sur ton bureau sous le nom ZHPDiag.txt et dans le dossier où est installé ZHPDiag (en général C:\ZHP\). 
* Transmets moi le lien du fichier par l'intermédiaire d'un dépôt de fichiers.
* Rappel des dépôts : cijoint ou  pjoint

PS Voici un tuto pour t'aider si besoin !
http://nicolascoolman.webs.com/tutorials.htm




A+

phk30 · Answer

voici le lien ci joint toujours en mode sans echec, https://www.cjoint.com/c/DCqrnysWiVN

cabrier · Answer

phk30

Tu passes par un fournisseur d'accès Thailandais ?



Ce script va cibler certains éléments à supprimer :

*    Ferme toutes tes applications en cours
*    Sélectionne et copie toutes les lignes en gras et italique suivantes :


Script ZHPFix
O3 - Toolbar: (no name) - [HKLM]{CF0F43AB-9C23-4D7B-8040-201B82844854} Orphan key
O42 - Logiciel: Smileys We Love Toolbar for IE - (.SqueekyChocolate, LLC.) [HKLM][64Bits] -- {DD36B76E-AAC3-4BB7-9946-A5FBBE121C33} 
[HKCU\Software\Baidu Security]
[HKLM\Software\HAL7600]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Better Surf Plus]
[HKLM\Software\Wow6432Node\Better-Surf]
O43 - CFD: 27/8/2013 - 9:04:33 - [13.323] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 17/8/2013 - 21:44:10 - [179.030] ----D C:\ProgramData\Baidu Security
O43 - CFD: 27/8/2013 - 9:04:30 - [20.358] ----D C:\Users\Win7_64\AppData\Roaming\Baidu Security
O69 - SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} - (Yahoo!) - https://th.search.yahoo.com/ 
O90 - PUC: "E67B63DD3CAA7BB499645ABFEB21C133" . (.Smileys We Love Toolbar for IE.) -- C:\Windows\Installer\{DD36B76E-AAC3-4BB7-9946-A5FBBE121C33}\_853F67D554F05449430E7E.exe 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DD36B76E-AAC3-4BB7-9946-A5FBBE121C33}] 
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}]
C:\Program Files (x86)\Baidu Security 
C:\ProgramData\Baidu Security 
C:\Users\Win7_64\AppData\Roaming\Baidu Security
[HKCU\Software\Baidu Security]
[HKLM\Software\HAL7600]
[HKLM\Software\Wow6432Node\Baidu Security] 
[HKLM\Software\Wow6432Node\Better-Surf]
ShortcutFix 
HOSTFix
PROXYFix
EmptyPrefetch
EmptyTemp
EmptyCLSID


*    Lance ZHPFix via le raccourci sur ton Bureau, (Si tu es sous Vista ou Windows 7 ou Windows 8 n'oublie pas clic droit ==> en tant qu'administrateur")
*    Si tu obtiens le message "Voulez-vous autoriser le programme suivant..."Tu réponds "Oui"
*    Clique sur le bouton "IMPORTER"
*    Les lignes se collent automatiquement dans ZHPFix, sinon colle les lignes

*    Clique sur le bouton «GO» pour le lancer le nettoyage
*    A la demande, confirme le nettoyage des données en cliquant sur [OK]
*    Patiente le temps du traitement.
*    ZHPFix va te demander si tu souhaites vider ta corbeille, clique sur ton choix (le traitement peut être long suivant la quantité de données à supprimer)
*    Un rapport nommé ZHPFixReport.txt sera créé et sauvegardé sur le bureau
*    Ce rapport se trouve aussi ici C:\ZHP\ZHPFix[R1].txt
*    Copie/colle la totalité du rapport dans ta prochaine réponse

A+

phk30 · Answer

bonjour oui fournisseur thailandais
Rapport de ZHPFix 2014.3.12.3 par Nicolas Coolman, Update du 12/03/2014
Fichier d'export Registre : 
Run by Win7_64 at 17/3/2014 8:26:45
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (00mn 05s)
Prefetcher emptied
Repair of browser shortcuts

========== Software ==========
REMOVES: Smileys We Love Toolbar for IE

========== Registry keys ==========
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD36B76E-AAC3-4BB7-9946-A5FBBE121C33}]
REMOVES: HKCU\Software\Baidu Security
REMOVES:* HKLM\Software\HAL7600
REMOVES: HKLM\Software\Wow6432Node\Baidu Security
REMOVES: HKLM\Software\Wow6432Node\Better Surf Plus
REMOVES: HKLM\Software\Wow6432Node\Better-Surf
REMOVES: SearchScopes :{DECA3892-BA8F-44b8-A993-A466AD694AE4}
REMOVES: [HKLM\Software\Classes\Installer\Products\E67B63DD3CAA7BB499645ABFEB21C133]
REMOVES: [HKLM\Software\Classes\Installer\Features\E67B63DD3CAA7BB499645ABFEB21C133]

========== Registry values ==========
REMOVES: Toolbar: {CF0F43AB-9C23-4D7B-8040-201B82844854}
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value

========== Folders ==========
No folders empty CLSID Local user

========== Files ==========
Deletes temporary Windows (202) (3,924,899 octets)

========== HOSTS file ==========
The Hosts file is not repaired, please disable your antivirus software.


========== Summary ==========
9 : Registry keys
7 : Registry values
1 : Folders
1 : Files
1 : Software
1 : HOSTS file


End of clean in 00mn 31s

========== Path to file report ==========
C:\Users\Win7_64\AppData\Roaming\ZHP\ZHPFix[R1].txt - 17/3/2014 8:26:51 [1768]

phk30 · Answer

Rapport de ZHPFix 2014.3.12.3 par Nicolas Coolman, Update du 12/03/2014
Fichier d'export Registre : 
Run by Win7_64 at 17/3/2014 9:44:44
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (00mn 01s)
Prefetcher emptied
Repair of browser shortcuts

========== Registry values ==========
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value

========== Folders ==========
No folders empty CLSID Local user

========== Files ==========
Deletes temporary Windows (4) (50,088 octets)


========== Summary ==========
6 : Registry values
1 : Folders
1 : Files


End of clean in 00mn 02s

========== Path to file report ==========
C:\Users\Win7_64\AppData\Roaming\ZHP\ZHPFix[R1].txt - 17/3/2014 8:26:51 [1848]
C:\Users\Win7_64\AppData\Roaming\ZHP\ZHPFix[R2].txt - 17/3/2014 9:44:45 [933]

phk30 · Answer

Rapport de ZHPFix 2014.3.12.3 par Nicolas Coolman, Update du 12/03/2014
Fichier d'export Registre : 
Run by Win7_64 at 17/3/2014 13:57:52
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (00mn 02s)
Prefetcher emptied
Repair of browser shortcuts

========== Software ==========
REMOVES: Smileys We Love Toolbar for IE

========== Registry keys ==========
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD36B76E-AAC3-4BB7-9946-A5FBBE121C33}]
REMOVES: HKCU\Software\Baidu Security
REMOVES:* HKLM\Software\HAL7600
REMOVES: HKLM\Software\Wow6432Node\Baidu Security
REMOVES: HKLM\Software\Wow6432Node\Better Surf Plus
REMOVES: HKLM\Software\Wow6432Node\Better-Surf
REMOVES: SearchScopes :{DECA3892-BA8F-44b8-A993-A466AD694AE4}
REMOVES: [HKLM\Software\Classes\Installer\Products\E67B63DD3CAA7BB499645ABFEB21C133]
REMOVES: [HKLM\Software\Classes\Installer\Features\E67B63DD3CAA7BB499645ABFEB21C133]

========== Registry values ==========
REMOVES: Toolbar: {CF0F43AB-9C23-4D7B-8040-201B82844854}
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value

========== Folders ==========
No folders empty CLSID Local user

========== Files ==========
Deletes temporary Windows (75) (120,683,085 octets)

========== HOSTS file ==========
The Hosts file is not repaired, please disable your antivirus software.


========== Summary ==========
9 : Registry keys
7 : Registry values
1 : Folders
1 : Files
1 : Software
1 : HOSTS file


End of clean in 01mn 04s

========== Path to file report ==========
C:\Users\Win7_64\AppData\Roaming\ZHP\ZHPFix[R1].txt - 17/3/2014 8:26:51 [1848]
C:\Users\Win7_64\AppData\Roaming\ZHP\ZHPFix[R2].txt - 17/3/2014 9:44:45 [1012]
C:\Users\Win7_64\AppData\Roaming\ZHP\ZHPFix[R3].txt - 17/3/2014 13:57:55 [1930]
voici le rapport zhpfix que je viens de faire en mode normal, jai fais un restore system dans une version precedente et refait un zhpfix.

phk30 · Answer

jai refait toute la procedure et voici le derneir rapport zhpdiag merci a bientot.
https://www.cjoint.com/?DCrksu09blo

cabrier · Answer

phk30,

Mets à jour IE avec la version 10 ! Tu en est toujours à la 8 et elle présente des failles de sécurité !
http://www.microsoft.com/fr-fr/download/internet-explorer-10-details.aspx

C'est mieux ou toujours pareil ?

Sur le dernier rapport, il ne reste pas grand chose ! (des restes d'infection mais sans conséquences)

Ce script va cibler certains éléments à supprimer :

*    Ferme toutes tes applications en cours
*    Sélectionne et copie toutes les lignes en gras et italique suivantes :


Script ZHPFix
[MD5.00000000000000000000000000000000] [APT] [{28509FDA-11E6-4D85-841F-9E16D59B415B}] (...) -- c:\program files (x86)\baidu\spark\spark.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{2F3A93E8-F9A0-461B-8337-257FB924A282}] (...) -- c:\program files (x86)\baidu\spark\spark.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{4C252B3D-B980-40C8-9A6E-C9D7D378BA57}] (...) -- c:\program files (x86)\baidu\spark\spark.exe (.not file.)   [0] 
[MD5.00000000000000000000000000000000] [APT] [{51A28227-A444-410A-BCE3-CEA6FE15D254}] (...) -- c:\program files (x86)\baidu\spark\spark.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{65BA2C67-4C2D-48CF-872B-DDBA8F68A5B2}] (...) -- c:\program files (x86)\baidu\spark\spark.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{86CB8369-5958-43A1-B5C6-CE3F03A9122A}] (...) -- c:\program files (x86)\baidu\spark\spark.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{E42B244A-A369-4D4E-9C28-907A3FF49B00}] (...) -- c:\program files (x86)\baidu\spark\spark.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{FA27C536-D929-4124-BAF5-831994574230}] (...) -- c:\program files (x86)\baidu\spark\spark.exe (.not file.)   [0]
O42 - Logiciel: Yahoo! Toolbar - (...) [HKLM][64Bits] -- Yahoo! Companion
OPT:O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
OPT:O4 - HKUS\S-1-5-21-2860923661-2770646633-3427773130-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
ShortcutFix 
HOSTFix
EmptyPrefetch
EmptyTemp
EmptyCLSID


*    Lance ZHPFix via le raccourci sur ton Bureau, (Si tu es sous Vista ou Windows 7 ou Windows 8 n'oublie pas clic droit ==> en tant qu'administrateur")
*    Si tu obtiens le message "Voulez-vous autoriser le programme suivant..."Tu réponds "Oui"
*    Clique sur le bouton "IMPORTER"
*    Les lignes se collent automatiquement dans ZHPFix, sinon colle les lignes

*    Clique sur le bouton «GO» pour le lancer le nettoyage
*    A la demande, confirme le nettoyage des données en cliquant sur [OK]
*    Patiente le temps du traitement.
*    ZHPFix va te demander si tu souhaites vider ta corbeille, clique sur ton choix (le traitement peut être long suivant la quantité de données à supprimer)
*    Un rapport nommé ZHPFixReport.txt sera créé et sauvegardé sur le bureau
*    Ce rapport se trouve aussi ici C:\ZHP\ZHPFix[R1].txt
*    Copie/colle la totalité du rapport dans ta prochaine réponse

A+
Si c'est ok on passera aux désinstallations !

phk30 · Answer

Rapport de ZHPFix 2014.3.12.3 par Nicolas Coolman, Update du 12/03/2014
Fichier d'export Registre : 
Run by Win7_64 at 18/3/2014 9:24:57
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (00mn 02s)
Prefetcher emptied
Repair of browser shortcuts

========== Software ==========
ABSENT Uninstall Process: c:\progra~2\yahoo!\common\unyt_w~1.exe

========== Registry keys ==========
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion]

========== Folders ==========
No folders empty CLSID Local user

========== Files ==========
Deletes temporary Windows (249) (60,530,863 octets)

========== Scheduled task ==========
REMOVES: {28509FDA-11E6-4D85-841F-9E16D59B415B}
REMOVES: {2F3A93E8-F9A0-461B-8337-257FB924A282}
REMOVES: {4C252B3D-B980-40C8-9A6E-C9D7D378BA57}
REMOVES: {51A28227-A444-410A-BCE3-CEA6FE15D254}
REMOVES: {65BA2C67-4C2D-48CF-872B-DDBA8F68A5B2}
REMOVES: {86CB8369-5958-43A1-B5C6-CE3F03A9122A}
REMOVES: {E42B244A-A369-4D4E-9C28-907A3FF49B00}
REMOVES: {FA27C536-D929-4124-BAF5-831994574230}

========== Other ==========
NON-TREATY [MD5.00000000000000000000000000000000] [APT] [{28509FDA-11E6-4D85-841F-9E16D59B415B}] (...) -- c:\program files (x86)\baidu\spark\spark.exe (.not file.) [0]
NON-TREATY [MD5.00000000000000000000000000000000] [APT] [{2F3A93E8-F9A0-461B-8337-257FB924A282}] (...) -- c:\program files (x86)\baidu\spark\spark.exe (.not file.) [0]
NON-TREATY [MD5.00000000000000000000000000000000] [APT] [{4C252B3D-B980-40C8-9A6E-C9D7D378BA57}] (...) -- c:\program files (x86)\baidu\spark\spark.exe (.not file.) [0]
NON-TREATY [MD5.00000000000000000000000000000000] [APT] [{51A28227-A444-410A-BCE3-CEA6FE15D254}] (...) -- c:\program files (x86)\baidu\spark\spark.exe (.not file.) [0]
NON-TREATY [MD5.00000000000000000000000000000000] [APT] [{65BA2C67-4C2D-48CF-872B-DDBA8F68A5B2}] (...) -- c:\program files (x86)\baidu\spark\spark.exe (.not file.) [0]
NON-TREATY [MD5.00000000000000000000000000000000] [APT] [{86CB8369-5958-43A1-B5C6-CE3F03A9122A}] (...) -- c:\program files (x86)\baidu\spark\spark.exe (.not file.) [0]
NON-TREATY [MD5.00000000000000000000000000000000] [APT] [{E42B244A-A369-4D4E-9C28-907A3FF49B00}] (...) -- c:\program files (x86)\baidu\spark\spark.exe (.not file.) [0]
NON-TREATY [MD5.00000000000000000000000000000000] [APT] [{FA27C536-D929-4124-BAF5-831994574230}] (...) -- c:\program files (x86)\baidu\spark\spark.exe (.not file.) [0]


========== Summary ==========
1 : Registry keys
1 : Folders
1 : Files
1 : Software
8 : Scheduled task
8 : Other


End of clean in 00mn 20s

========== Path to file report ==========
C:\Users\Win7_64\AppData\Roaming\ZHP\ZHPFix[R1].txt - 17/3/2014 8:26:51 [1848]
C:\Users\Win7_64\AppData\Roaming\ZHP\ZHPFix[R2].txt - 17/3/2014 9:44:45 [1012]
C:\Users\Win7_64\AppData\Roaming\ZHP\ZHPFix[R3].txt - 17/3/2014 13:57:55 [2011]
C:\Users\Win7_64\AppData\Roaming\ZHP\ZHPFix[R4].txt - 18/3/2014 9:24:59 [2974]

phk30 · Answer

bonjour est il utile de mettre a jour IE si il n est pas utiliser merci a bientot. jai essayer de linstaller mais il ne supporte pas la version, peut un probleme de langue. merci a bientot.

cabrier · Answer

phk30,


IE si tu ne t'en sert jamais ---> laisse tomber. Mais en règle générale comme les anciennes versions présentent des failles de sécurité, il vaut mieux un IE à jour, même non utilisé.


Bon on termine !

Les programmes que nous avons utilisés ne doivent pas être conservés. 
Beaucoup d'entre eux peuvent être dangereux et entrainer des dommages irréversibles sur ton système s'ils sont utilisés sans l'aide d'une personne qualifiée, de plus, fréquemment modifiés et mis à jour par leurs auteurs ils deviennent très rapidement obsolètes, en plus d'encombrer inutilement ton bureau.

1. Désinstallation des outils et purge de la Restauration système

- Télécharge DelFix (d'Xplode) sur ton bureau. 
- Lance le, (avec Vista/Seven, clic droit dessus, et sur exécuter en tant qu'administrateur) 
- Sélectionne "Réactiver l'UAC" 
- Sélectionne "Supprimer les outils de désinfection" 
- Sélectionne également "Purger la restauration système"
- Clique sur "Exécuter"
- Copie/colle le contenu du rapport qui s'ouvrira à l'écran dans ton prochain message.

Attention : Chaque fois que tu relances Delfix le rapport précédent est supprimé, alors ne l'exécute qu'une fois avec les options cochées.

 
 A+

phk30 · Answer

# DelFix v10.6 - Logfile created 18/03/2014 at 14:59:31
# Updated 11/11/2013 by Xplode
# Username : Win7_64 - GFHISYJQMFN45DX
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\AdwCleaner
Deleted : C:\Users\Win7_64\AppData\Roaming\ZHP
Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Deleted : C:\Users\Win7_64\Desktop\RK_Quarantine
Deleted : C:\PhysicalDisk0_MBR.bin
Deleted : C:\Users\Win7_64\Desktop\adwcleaner.exe
Deleted : C:\Users\Win7_64\Desktop\JRT.exe
Deleted : C:\Users\Win7_64\Desktop\JavaRa-2.1.zip
Deleted : C:\Users\Win7_64\Desktop\RKreport[0]_D_03172014_160449.txt
Deleted : C:\Users\Win7_64\Desktop\RKreport[0]_S_03172014_160435.txt
Deleted : C:\Users\Win7_64\Desktop\RogueKiller.exe
Deleted : C:\Users\Win7_64\Desktop\ZHPDiag.lnk
Deleted : C:\Users\Win7_64\Desktop\ZHPDiag.txt
Deleted : C:\Users\Win7_64\Desktop\ZHPDiag2.exe
Deleted : C:\Users\Win7_64\Desktop\ZHPFix.lnk
Deleted : C:\Users\Win7_64\Desktop\ZHPFixReport.txt
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Cleaning system restore ...

Deleted : RP #62 [point1 | 03/18/2014 04:29:37]
Deleted : RP #63 [Installed Java 7 Update 51 | 03/18/2014 05:02:57]
Deleted : RP #64 [Installed Java(TM) 6 Update 26 | 03/18/2014 05:21:28]
Deleted : RP #65 [Removed Java(TM) 6 Update 26 | 03/18/2014 05:22:59]

New restore point created !

########## - EOF - ##########

phk30 · Answer

finallement jai installe IE en anglais et cest passe ok merci a bientot.

cabrier · Answer

OK terminé, j'indique le sujet comme résolu !

phk30 · Answer

ok merci beaucoup pour votre aide. Sawadee krap from thailand.

Pc sous W7 ouverture tres longue

29 réponses

Newsletters