Fenêtres de pub intempestives

[ahma]

Bonjours à tous, je suis nouveau sur le forum. Et c'est la première fois que je m'inscris à un forum.
Je cherche de l'aide car je pense que mon ordinateur est infecté. A tout moment, des fenêtres de pub s'ouvre que je sois sur internet ou pas. J'ai nettoyé le disque plusieurs fois, supprimé les cookies, rien n'y fait. Alors si quelqu'un a une solution miracle? Je suis preneur et avec toute ma gratitude.
Merci.
Ahma

[docpc]

salut et bienvenue,

tu as des redirections lors de recherche sur internet???


Télécharge Malwarebytes' Anti-Malware (MBAM)
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

• Ferme toutes tes applications en cours, et tes navigateurs
• ]Double clique sur le fichier téléchargé pour lancer le processus d'installation.
• Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
• Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
• Sélectionne "Exécuter un examen rapide"
• *Clique sur "Rechercher"
• L'analyse démarre, le scan est relativement long, c'est normal.
• A la fin de l'analyse, un message s'affiche :
  L'examen s'est terminé normalement.
  Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
  
  Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  
• Si des malwares ont été détectés, clique sur Afficher les résultats.
  Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

• tuto: http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php


NB : Si MBAM te demande à redémarrer, fais-le.

puis:
Télécharge AdwCleaner ( d'Xplode ) sur ton bureau.
Lance le, clique sur [Suppression] puis patiente le temps du scan.
Une fois le scan fini, un rapport s'ouvrira. Poste moi son contenu dans ta prochaine réponse.

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt

@+

[ahma]

Merci de ton aide. Voici le rapport obtenu avec MBAM:

Code: Tout sélectionner

Malwarebytes' Anti-Malware 1.51.2.1300
http://www.malwarebytes.org

Version de la base de données: 8095

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

06/11/2011 11:50:58
mbam-log-2011-11-06 (11-50-58).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 163821
Temps écoulé: 4 minute(s), 50 seconde(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
c:\program files\PCTuto\pctuto.exe (Adware.Eorezo) -> 2900 -> Unloaded process successfully.
c:\documents and settings\admin\application data\PCtuto\updatepctuto\autoupdater.exe (Trojan.Eorezo) -> 1328 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{293A63F7-C3B6-423a-9845-901AC0A7EE6E} (Adware.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\PCTutoBHO.PCTBHO.1 (Adware.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\PCTutoBHO.PCTBHO (Adware.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Adware.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Adware.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0BF73E27-2734-4F7B-925A-4BBB1457F5FA} (Adware.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E2ED56B6-35FC-4484-9530-EC87FB458E78} (Adware.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCTuto (Adware.Eorezo) -> Value: PCTuto -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autoupdater (Trojan.Eorezo) -> Value: autoupdater -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\program files\PCTuto\pctuto.exe (Adware.Eorezo) -> Quarantined and deleted successfully.
c:\documents and settings\admin\application data\PCtuto\updatepctuto\autoupdater.exe (Trojan.Eorezo) -> Quarantined and deleted successfully.
c:\program files\PCTuto\pctutobho.dll (Adware.Eorezo) -> Quarantined and deleted successfully.
c:\program files\PCTuto\confmedia.cyp (Trojan.Eorezo) -> Quarantined and deleted successfully.

[ahma]

Ci-joint le rapport obtenu avec AdwCleaner (Je m'excuse si mes messages sont un peu brouillons, je ne maitrise pas encore tous les outils du forum)

Code: Tout sélectionner

# AdwCleaner v1.316 - Logfile created 11/06/2011 at 12:01:13
# Updated 10/31/11 at 10:00p.m by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : admin - Z-088935AA2D0D4 (Limited Rights)
# Running from : C:\Documents and Settings\admin\Desktop\adwcleaner0.exe
# Option [Delete]


***** [KillNav] *****

No browsers was running.

***** [Processes] *****


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\admin\Application Data\OfferBox
Folder Deleted : C:\Documents and Settings\admin\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\admin\Application Data\PCtuto
Folder Deleted : C:\Documents and Settings\admin\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\admin\Local Settings\Application Data\PCTuto
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\PCTuto
Folder Deleted : C:\Program Files\OfferBox
Folder Deleted : C:\Program Files\PCTuto
Folder Deleted : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\93zjgmst.default\Conduit
Folder Deleted : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\93zjgmst.default\ConduitEngine
Folder Deleted : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\93zjgmst.default\SweetIMToolbarData
Folder Deleted : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\93zjgmst.default\extensions\engine@conduit.com
File Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Navigateur OfferBox.lnk
File Deleted : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\93zjgmst.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\93zjgmst.default\searchplugins\SweetIm.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Offerbox
Key Deleted : HKCU\Software\PCTuto
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\Offerbox
Key Deleted : HKLM\SOFTWARE\PCTuto
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Adobe\OpenCandy
Key Deleted : HKLM\SOFTWARE\Classes\OfferBox.OfferBoxServer
Key Deleted : HKLM\SOFTWARE\Classes\OfferBox.OfferBoxServer.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PCTutoBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{759F1421-4D31-4c1f-8C51-E4956A037676}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7E8C343-7860-4A95-9AA8-AAF30D0F6D1E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6612AFDD-34AD-4B89-A236-7E6D07C3FDCD}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Offerbox Browser
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PcTuto_is1
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [offerboxffx@offerbox.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

Registry is OK.

-\\ Mozilla Firefox v7.0.1 (fr)

Profile : 93zjgmst.default
File : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\93zjgmst.default\prefs.js

C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\93zjgmst.default\user.js ... Deleted !

Deleted : user_pref("CT2866295..clientLogIsEnabled", true);
Deleted : user_pref("CT2866295..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Deleted : user_pref("CT2866295..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Deleted : user_pref("CT2866295.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2866295.AppTrackingLastCheckTime", "Sat Feb 19 2011 10:21:57 GMT+0100");
Deleted : user_pref("CT2866295.CT2866295", "CT2866295");
Deleted : user_pref("CT2866295.CurrentServerDate", "19-2-2011");
Deleted : user_pref("CT2866295.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2866295.DialogsGetterLastCheckTime", "Tue Jan 11 2011 15:32:26 GMT+0100");
Deleted : user_pref("CT2866295.DownloadReferralCookieData", "");
Deleted : user_pref("CT2866295.ExternalComponentPollDate129363730260381540", "Fri Feb 18 2011 11:29:59 GMT+0100");
Deleted : user_pref("CT2866295.FirstServerDate", "11-1-2011");
Deleted : user_pref("CT2866295.FirstTime", true);
Deleted : user_pref("CT2866295.FirstTimeFF3", true);
Deleted : user_pref("CT2866295.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2866295.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2866295.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2866295.HasUserGlobalKeys", true);
Deleted : user_pref("CT2866295.Initialize", true);
Deleted : user_pref("CT2866295.InitializeCommonPrefs", true);
Deleted : user_pref("CT2866295.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2866295.InstalledDate", "Tue Jan 11 2011 15:32:27 GMT+0100");
Deleted : user_pref("CT2866295.InvalidateCache", false);
Deleted : user_pref("CT2866295.IsGrouping", false);
Deleted : user_pref("CT2866295.IsMulticommunity", false);
Deleted : user_pref("CT2866295.IsOpenThankYouPage", true);
Deleted : user_pref("CT2866295.IsOpenUninstallPage", true);
Deleted : user_pref("CT2866295.LanguagePackLastCheckTime", "Sat Feb 19 2011 10:21:47 GMT+0100");
Deleted : user_pref("CT2866295.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2866295.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Deleted : user_pref("CT2866295.LastLogin_3.3.0.19", "Sat Feb 19 2011 10:21:47 GMT+0100");
Deleted : user_pref("CT2866295.LatestVersion", "3.2.5.2");
Deleted : user_pref("CT2866295.Locale", "en");
Deleted : user_pref("CT2866295.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2866295.MCDetectTooltipShow", false);
Deleted : user_pref("CT2866295.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2866295.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2866295.RadioIsPodcast", false);
Deleted : user_pref("CT2866295.RadioLastCheckTime", "Fri Feb 04 2011 23:40:23 GMT+0100");
Deleted : user_pref("CT2866295.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2866295.RadioLastUpdateServer", "129400872459600000");
Deleted : user_pref("CT2866295.RadioMediaID", "21753727");
Deleted : user_pref("CT2866295.RadioMediaType", "Media Player");
Deleted : user_pref("CT2866295.RadioMenuSelectedID", "EBRadioMenu_CT286629521753727");
Deleted : user_pref("CT2866295.RadioStationName", "California%20Rock%20-%20Rock");
Deleted : user_pref("CT2866295.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
Deleted : user_pref("CT2866295.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2866295.SavedHomepage", "hxxp://www.google.fr/");
Deleted : user_pref("CT2866295.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2866295.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2866295&q=");
Deleted : user_pref("CT2866295.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2866295.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2866295.SearchInNewTabLastCheckTime", "Sat Feb 19 2011 10:21:46 GMT+0100");
Deleted : user_pref("CT2866295.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Deleted : user_pref("CT2866295.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Deleted : user_pref("CT2866295.ServiceMapLastCheckTime", "Sat Feb 19 2011 10:21:46 GMT+0100");
Deleted : user_pref("CT2866295.SettingsLastCheckTime", "Sat Feb 19 2011 12:36:54 GMT+0100");
Deleted : user_pref("CT2866295.SettingsLastUpdate", "1297970948");
Deleted : user_pref("CT2866295.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2866295.ThirdPartyComponentsLastCheck", "Tue Feb 01 2011 21:18:26 GMT+0100");
Deleted : user_pref("CT2866295.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2866295.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Deleted : user_pref("CT2866295.Uninstall", true);
Deleted : user_pref("CT2866295.UserID", "UN47844074170952344");
Deleted : user_pref("CT2866295.ValidationData_Search", 2);
Deleted : user_pref("CT2866295.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2866295.WeatherNetwork", "");
Deleted : user_pref("CT2866295.WeatherPollDate", "Sat Feb 05 2011 18:00:11 GMT+0100");
Deleted : user_pref("CT2866295.WeatherUnit", "C");
Deleted : user_pref("CT2866295.alertChannelId", "1258292");
Deleted : user_pref("CT2866295.approveUntrustedApps", true);
Deleted : user_pref("CT2866295.backendstorage._fb_dailyactivity", "31323936383539323234393336");
Deleted : user_pref("CT2866295.backendstorage._fb_lifetimesent", "54525545");
Deleted : user_pref("CT2866295.backendstorage.facebook_mode", "32");
Deleted : user_pref("CT2866295.backendstorage.facebook_user_locale", "6672");
Deleted : user_pref("CT2866295.components.1000082", false);
Deleted : user_pref("CT2866295.components.1000234", false);
Deleted : user_pref("CT2866295.components.129400804515194683", false);
Deleted : user_pref("CT2866295.globalFirstTimeInfoLastCheckTime", "Sat Feb 19 2011 10:21:47 GMT+0100");
Deleted : user_pref("CT2866295.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2866295.myStuffEnabled", true);
Deleted : user_pref("CT2866295.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2866295.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Deleted : user_pref("CT2866295.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2866295.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Deleted : user_pref("CT2866295.oldAppsList", "129363730258350254,129363730259600286,129363730260381540,1351900868972851174,1000082,129400804515194683,1000234,129417589124956435,129363730260850292,1000034,1000080,1000,1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1011,1012");
Deleted : user_pref("CT2866295.testingCtid", "");
Deleted : user_pref("CT2866295.toolbarAppMetaDataLastCheckTime", "Sat Feb 19 2011 10:21:47 GMT+0100");
Deleted : user_pref("CT2866295.toolbarContextMenuLastCheckTime", "Tue Jan 11 2011 15:32:27 GMT+0100");
Deleted : user_pref("CT2866295.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1258292/1253965/FR", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1295532/1291203/FR", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/FR", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2866295", "\"1297285337\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2903601", "\"1295951898\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "L+tncv4eqt6Qm5T3dzChdA==");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "SuMy8xgBA7+FodOxmk9aiQ==");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.0.19", "\"0652eeacc6cb1:0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.0.19", "\"8039ce950b0cb1:aef\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2866295", "\"634333631231730000\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2903601", "\"634333631231730000\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634293235860000000");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/2011 5:25:10 PM", "634335443890000000");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2010 4:33:06 PM", "634303635100000000");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/2011 12:59:49 PM", "634335443890000000");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2866295/CT2866295", "\"1297970948\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2903601/CT2903601", "\"1297969979\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"634322696881670000\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634322696881670000\"");
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2866295");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1.15");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2866295");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1.15");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2866295");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2866295");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Jun 06 2011 12:23:35 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Aug 28 2011 14:52:13 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Aug 28 2011 12:18:10 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "76649009-9e3f-4e4c-99df-3b331af9fdb4");
Deleted : user_pref("CommunityToolbar.globalUserId", "6aef15a9-57b9-44fa-b0ad-d856748d837b");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2903601");
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Jun 29 2011 21:53:45 GMT+0200");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Feb 19 2011 10:21:52 GMT+0100");
Deleted : user_pref("ConduitEngine.FirstServerDate", "01/11/2011 17");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Tue Jan 11 2011 15:32:26 GMT+0100");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Feb 19 2011 10:21:52 GMT+0100");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.0.19", "Sat Feb 19 2011 10:21:52 GMT+0100");
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Feb 19 2011 10:21:52 GMT+0100");
Deleted : user_pref("ConduitEngine.UserID", "UN51667868482141746");
Deleted : user_pref("ConduitEngine.engineLocale", "fr");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Feb 19 2011 10:21:52 GMT+0100");
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Feb 19 2011 10:21:52 GMT+0100");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("browser.search.defaultenginename", "SweetIM Search");
Deleted : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Google");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2903601&SearchSource=3&q={searchTerms}");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2866295&q=");
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{06B1CB6C-DD1E-11E0-A5EC-00A0D5FFF985}");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");

-\\ Google Chrome v [Impossible d'obtenir la version]

File : C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Supprimée :       "host_referral_list": [ 2, [ "hxxp://ad-emea.doubleclick.net/", [ "hxxp://akamai.smartadserver.com/", 2.2733802, "hxxp://at.alenty.com/", 2.2733802, "hxxp://s0.2mdn.net/", 2.9340205999999998, "hxxp://www.smartadserver.com/", 2.2733802, "hxxp://www.youtube.com/", 1.32060461512 ] ], [ "hxxp://ad-g.doubleclick.net/", [ "hxxp://akamai.smartadserver.com/", 2.2733802, "hxxp://at.alenty.com/", 2.2733802, "hxxp://s0.2mdn.net/", 2.9340205999999998, "hxxp://www.smartadserver.com/", 2.2733802 ] ], [ "hxxp://fr-fr.facebook.com/", [ "hxxp://static.ak.fbcdn.net/", 13.4975757810127 ] ], [ "hxxp://googleads.g.doubleclick.net/", [ "hxxp://s0.2mdn.net/", 2.2733802 ] ], [ "hxxp://home.sweetim.com/", [ "hxxp://search.sweetim.com/", 1.2772748859186118 ] ], [ "hxxp://s.ytimg.com/", [ "hxxp://ad-emea.doubleclick.net/", 5.576582199999999, "hxxp://googleads.g.doubleclick.net/", 2.6037003999999997, "hxxp://o-o.preferred.orange-par1.v13.lscache7.c.youtube.com/", 2.2733802, "hxxp://o-o.preferred.orange-par1.v17.lscache3.c.youtube.com/", 2.2733802, "hxxp://s.youtube.com/", 2.2733802, "hxxp://s.ytimg.com/", 3.2643407999999994, "hxxp://s0.2mdn.net/", 6.567542799999998, "hxxp://s2.youtube.com/", 2.6037003999999997, "hxxp://www.youtube.com/", 3.924981199999999 ] ], [ "hxxp://s0.2mdn.net/", [ "hxxp://motifcdn2.doubleclick.net/", 2.6037003999999997, "hxxp://rmcdn.2mdn.net/", 3.2643407999999994 ] ], [ "hxxp://search.sweetim.com/", [ "hxxp://ac1.sweetim.com/", 0.6824651644855917, "hxxp://ad.xtendmedia.com/", 1.3479141918872282, "hxxp://ad.yieldmanager.com/", 0.9901118572977747, "hxxp://ak1.abmr.net/", 1.500430932, "hxxp://cdn.search.sweetim.com/", 3.941368130972893, "hxxp://content.yieldmanager.com/", 1.0610127567062837, "hxxp://content.yieldmanager.edgesuite.net/", 0.8430014247062838, "hxxp://cookex.amp.yahoo.com/", 0.4851990901168303 ] ], [ "hxxp://www.google.com/", [ "hxxp://www.google.fr/", 2.025335319191497 ] ], [ "hxxp://www.google.fr/", [ "hxxp://id.google.fr/", 1.0104242112421828, "hxxp://news.google.fr/", 1.212556265039816, "hxxp://ssl.gstatic.com/", 1.6710646112421825, "hxxp://www.google.fr/", 10.39659781063936 ] ], [ "hxxp://www.grand-cordel.com/", [ "hxxp://fonts.googleapis.com/", 3.202453282482282, "hxxp://l.longtailvideo.com/", 3.202453282482282, "hxxp://themes.googleusercontent.com/", 2.025335319191497, "hxxp://www.grand-cordel.com/", 22.919179167602913 ] ], [ "hxxp://www.youtube.com/", [ "hxxp://ad-emea.doubleclick.net/", 1.0896103779792, "hxxp://ad-g.doubleclick.net/", 0.7485534501984, "hxxp://csi.gstatic.com/", 1.4581155930992, "hxxp://googleads.g.doubleclick.net/", 2.2733802, "hxxp://i1.ytimg.com/", 2.5942162464175995, "hxxp://i2.ytimg.com/", 3.0337376619759997, "hxxp://i3.ytimg.com/", 4.513762422411199, "hxxp://i4.ytimg.com/", 3.849623270852799, "hxxp://s.ytimg.com/", 2.3307819230751994, "hxxp://www.youtube.com/", 2.2733802 ] ], [ "hxxp://www.yroyto.com/", [ "hxxp://www.google-analytics.com/", 2.319614810014193, "hxxp://www.yroyto.com/", 9.382322589758898 ] ] ],
Supprimée :       "startup_list": [ 1, "hxxp://ac1.sweetim.com/", "hxxp://ad.xtendmedia.com/", "hxxp://ad.yieldmanager.com/", "hxxp://ak1.abmr.net/", "hxxp://cdn.search.sweetim.com/", "hxxp://content.yieldmanager.com/", "hxxp://content.yieldmanager.edgesuite.net/", "hxxp://home.sweetim.com/", "hxxp://search.sweetim.com/", "hxxp://wpad/" ]
Supprimée :    "homepage": "hxxp://home.sweetim.com/?barid={06B1CB6C-DD1E-11E0-A5EC-00A0D5FFF985}",
File is OK.

*************************

AdwCleaner[S1].txt - [24245 octets] - [06/11/2011 12:01:13]

*************************

Temporary folder :  : 13 folder(s)et 54 file(s) deleted

########## EOF - C:\AdwCleaner[S1].txt - [24462 octets] ##########

[docpc]

salut,

relance AdwCleaner et click sur [désinstallation]
encore des problémes

@+

[ahma]

salut,

relance AdwCleaner et click sur [désinstallation]
encore des problémes

@+

Salut,
Apparemment cela fonctionne.
Merci infiniment pour cet aide.

[docpc]

salut,


C’est OK,
je t'invite à lire ceci:
Les PUPsLPIs http://www.malekal.com/2011/07/27/detec ... d-program/

Pour aller plus loin : Sécuriser son ordinateur (version courte)

@+

[Lokai]

Personnellement, en installant AdwCleaner et Adwords, je n'ai plus de problème. J'ai aussi passé un coup de CCleaner avant.
Pour ma configuration si ça peut aider, j'ai cette configuration de PC à 500 €.