Oxygène PC

Astuces, Sécurité & Aide informatique

Fenêtres de pub intempestives

Votre PC est infecté par un troyen, un virus, un spyware ? Vous souhaitez vous débarasser de barres d'outils indésirables ou venir à bout de la publicité intempestive ? C'est ici que vous devez poster vos logs HijackThis et autres rapports pour analyse.

Modérateurs: Modérateurs, Visiteurs Sécu

Fenêtres de pub intempestives

Messagepar ahma » Jeu 3 Nov 2011 11:21

Bonjours à tous, je suis nouveau sur le forum. Et c'est la première fois que je m'inscris à un forum.
Je cherche de l'aide car je pense que mon ordinateur est infecté. A tout moment, des fenêtres de pub s'ouvre que je sois sur internet ou pas. J'ai nettoyé le disque plusieurs fois, supprimé les cookies, rien n'y fait. Alors si quelqu'un a une solution miracle? Je suis preneur et avec toute ma gratitude.
Merci.
Ahma
ahma
 
Messages: 7
Enregistré le: Mer 2 Nov 2011 11:59

Re: Fenêtres de pub intempestives

Messagepar docpc » Jeu 3 Nov 2011 17:30

salut et bienvenue,

tu as des redirections lors de recherche sur internet???


Télécharge Malwarebytes' Anti-Malware (MBAM)
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

  • Ferme toutes tes applications en cours, et tes navigateurs
  • ]Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  • Sélectionne "Exécuter un examen rapide"
  • *Clique sur "Rechercher"
  • L'analyse démarre, le scan est relativement long, c'est normal.
  • A la fin de l'analyse, un message s'affiche :
    L'examen s'est terminé normalement.
    Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

    Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
    Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

• tuto: http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php


NB : Si MBAM te demande à redémarrer, fais-le.

puis:
Télécharge AdwCleaner ( d'Xplode ) sur ton bureau.
Lance le, clique sur [Suppression] puis patiente le temps du scan.
Une fois le scan fini, un rapport s'ouvrira. Poste moi son contenu dans ta prochaine réponse.

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt

@+ :bye:
Avatar de l’utilisateur
docpc
 
Messages: 195
Enregistré le: Mar 12 Mai 2009 19:25

Re: Fenêtres de pub intempestives

Messagepar ahma » Dim 6 Nov 2011 11:58

Merci de ton aide. Voici le rapport obtenu avec MBAM:

Code: Tout sélectionner
Malwarebytes' Anti-Malware 1.51.2.1300
http://www.malwarebytes.org

Version de la base de données: 8095

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

06/11/2011 11:50:58
mbam-log-2011-11-06 (11-50-58).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 163821
Temps écoulé: 4 minute(s), 50 seconde(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
c:\program files\PCTuto\pctuto.exe (Adware.Eorezo) -> 2900 -> Unloaded process successfully.
c:\documents and settings\admin\application data\PCtuto\updatepctuto\autoupdater.exe (Trojan.Eorezo) -> 1328 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{293A63F7-C3B6-423a-9845-901AC0A7EE6E} (Adware.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\PCTutoBHO.PCTBHO.1 (Adware.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\PCTutoBHO.PCTBHO (Adware.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Adware.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Adware.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0BF73E27-2734-4F7B-925A-4BBB1457F5FA} (Adware.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E2ED56B6-35FC-4484-9530-EC87FB458E78} (Adware.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCTuto (Adware.Eorezo) -> Value: PCTuto -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autoupdater (Trojan.Eorezo) -> Value: autoupdater -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\program files\PCTuto\pctuto.exe (Adware.Eorezo) -> Quarantined and deleted successfully.
c:\documents and settings\admin\application data\PCtuto\updatepctuto\autoupdater.exe (Trojan.Eorezo) -> Quarantined and deleted successfully.
c:\program files\PCTuto\pctutobho.dll (Adware.Eorezo) -> Quarantined and deleted successfully.
c:\program files\PCTuto\confmedia.cyp (Trojan.Eorezo) -> Quarantined and deleted successfully.
ahma
 
Messages: 7
Enregistré le: Mer 2 Nov 2011 11:59

Re: Fenêtres de pub intempestives

Messagepar ahma » Dim 6 Nov 2011 12:12

Ci-joint le rapport obtenu avec AdwCleaner (Je m'excuse si mes messages sont un peu brouillons, je ne maitrise pas encore tous les outils du forum)

Code: Tout sélectionner
# AdwCleaner v1.316 - Logfile created 11/06/2011 at 12:01:13
# Updated 10/31/11 at 10:00p.m by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : admin - Z-088935AA2D0D4 (Limited Rights)
# Running from : C:\Documents and Settings\admin\Desktop\adwcleaner0.exe
# Option [Delete]


***** [KillNav] *****

No browsers was running.

***** [Processes] *****


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\admin\Application Data\OfferBox
Folder Deleted : C:\Documents and Settings\admin\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\admin\Application Data\PCtuto
Folder Deleted : C:\Documents and Settings\admin\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\admin\Local Settings\Application Data\PCTuto
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\PCTuto
Folder Deleted : C:\Program Files\OfferBox
Folder Deleted : C:\Program Files\PCTuto
Folder Deleted : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\93zjgmst.default\Conduit
Folder Deleted : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\93zjgmst.default\ConduitEngine
Folder Deleted : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\93zjgmst.default\SweetIMToolbarData
Folder Deleted : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\93zjgmst.default\extensions\engine@conduit.com
File Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Navigateur OfferBox.lnk
File Deleted : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\93zjgmst.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\93zjgmst.default\searchplugins\SweetIm.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Offerbox
Key Deleted : HKCU\Software\PCTuto
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\Offerbox
Key Deleted : HKLM\SOFTWARE\PCTuto
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Adobe\OpenCandy
Key Deleted : HKLM\SOFTWARE\Classes\OfferBox.OfferBoxServer
Key Deleted : HKLM\SOFTWARE\Classes\OfferBox.OfferBoxServer.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PCTutoBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{759F1421-4D31-4c1f-8C51-E4956A037676}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7E8C343-7860-4A95-9AA8-AAF30D0F6D1E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6612AFDD-34AD-4B89-A236-7E6D07C3FDCD}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Offerbox Browser
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PcTuto_is1
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [offerboxffx@offerbox.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

Registry is OK.

-\\ Mozilla Firefox v7.0.1 (fr)

Profile : 93zjgmst.default
File : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\93zjgmst.default\prefs.js

C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\93zjgmst.default\user.js ... Deleted !

Deleted : user_pref("CT2866295..clientLogIsEnabled", true);
Deleted : user_pref("CT2866295..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Deleted : user_pref("CT2866295..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Deleted : user_pref("CT2866295.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2866295.AppTrackingLastCheckTime", "Sat Feb 19 2011 10:21:57 GMT+0100");
Deleted : user_pref("CT2866295.CT2866295", "CT2866295");
Deleted : user_pref("CT2866295.CurrentServerDate", "19-2-2011");
Deleted : user_pref("CT2866295.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2866295.DialogsGetterLastCheckTime", "Tue Jan 11 2011 15:32:26 GMT+0100");
Deleted : user_pref("CT2866295.DownloadReferralCookieData", "");
Deleted : user_pref("CT2866295.ExternalComponentPollDate129363730260381540", "Fri Feb 18 2011 11:29:59 GMT+0100");
Deleted : user_pref("CT2866295.FirstServerDate", "11-1-2011");
Deleted : user_pref("CT2866295.FirstTime", true);
Deleted : user_pref("CT2866295.FirstTimeFF3", true);
Deleted : user_pref("CT2866295.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2866295.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2866295.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2866295.HasUserGlobalKeys", true);
Deleted : user_pref("CT2866295.Initialize", true);
Deleted : user_pref("CT2866295.InitializeCommonPrefs", true);
Deleted : user_pref("CT2866295.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2866295.InstalledDate", "Tue Jan 11 2011 15:32:27 GMT+0100");
Deleted : user_pref("CT2866295.InvalidateCache", false);
Deleted : user_pref("CT2866295.IsGrouping", false);
Deleted : user_pref("CT2866295.IsMulticommunity", false);
Deleted : user_pref("CT2866295.IsOpenThankYouPage", true);
Deleted : user_pref("CT2866295.IsOpenUninstallPage", true);
Deleted : user_pref("CT2866295.LanguagePackLastCheckTime", "Sat Feb 19 2011 10:21:47 GMT+0100");
Deleted : user_pref("CT2866295.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2866295.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Deleted : user_pref("CT2866295.LastLogin_3.3.0.19", "Sat Feb 19 2011 10:21:47 GMT+0100");
Deleted : user_pref("CT2866295.LatestVersion", "3.2.5.2");
Deleted : user_pref("CT2866295.Locale", "en");
Deleted : user_pref("CT2866295.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2866295.MCDetectTooltipShow", false);
Deleted : user_pref("CT2866295.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2866295.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2866295.RadioIsPodcast", false);
Deleted : user_pref("CT2866295.RadioLastCheckTime", "Fri Feb 04 2011 23:40:23 GMT+0100");
Deleted : user_pref("CT2866295.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2866295.RadioLastUpdateServer", "129400872459600000");
Deleted : user_pref("CT2866295.RadioMediaID", "21753727");
Deleted : user_pref("CT2866295.RadioMediaType", "Media Player");
Deleted : user_pref("CT2866295.RadioMenuSelectedID", "EBRadioMenu_CT286629521753727");
Deleted : user_pref("CT2866295.RadioStationName", "California%20Rock%20-%20Rock");
Deleted : user_pref("CT2866295.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
Deleted : user_pref("CT2866295.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2866295.SavedHomepage", "hxxp://www.google.fr/");
Deleted : user_pref("CT2866295.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2866295.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2866295&q=");
Deleted : user_pref("CT2866295.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2866295.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2866295.SearchInNewTabLastCheckTime", "Sat Feb 19 2011 10:21:46 GMT+0100");
Deleted : user_pref("CT2866295.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Deleted : user_pref("CT2866295.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Deleted : user_pref("CT2866295.ServiceMapLastCheckTime", "Sat Feb 19 2011 10:21:46 GMT+0100");
Deleted : user_pref("CT2866295.SettingsLastCheckTime", "Sat Feb 19 2011 12:36:54 GMT+0100");
Deleted : user_pref("CT2866295.SettingsLastUpdate", "1297970948");
Deleted : user_pref("CT2866295.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2866295.ThirdPartyComponentsLastCheck", "Tue Feb 01 2011 21:18:26 GMT+0100");
Deleted : user_pref("CT2866295.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2866295.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Deleted : user_pref("CT2866295.Uninstall", true);
Deleted : user_pref("CT2866295.UserID", "UN47844074170952344");
Deleted : user_pref("CT2866295.ValidationData_Search", 2);
Deleted : user_pref("CT2866295.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2866295.WeatherNetwork", "");
Deleted : user_pref("CT2866295.WeatherPollDate", "Sat Feb 05 2011 18:00:11 GMT+0100");
Deleted : user_pref("CT2866295.WeatherUnit", "C");
Deleted : user_pref("CT2866295.alertChannelId", "1258292");
Deleted : user_pref("CT2866295.approveUntrustedApps", true);
Deleted : user_pref("CT2866295.backendstorage._fb_dailyactivity", "31323936383539323234393336");
Deleted : user_pref("CT2866295.backendstorage._fb_lifetimesent", "54525545");
Deleted : user_pref("CT2866295.backendstorage.facebook_mode", "32");
Deleted : user_pref("CT2866295.backendstorage.facebook_user_locale", "6672");
Deleted : user_pref("CT2866295.components.1000082", false);
Deleted : user_pref("CT2866295.components.1000234", false);
Deleted : user_pref("CT2866295.components.129400804515194683", false);
Deleted : user_pref("CT2866295.globalFirstTimeInfoLastCheckTime", "Sat Feb 19 2011 10:21:47 GMT+0100");
Deleted : user_pref("CT2866295.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2866295.myStuffEnabled", true);
Deleted : user_pref("CT2866295.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2866295.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Deleted : user_pref("CT2866295.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2866295.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Deleted : user_pref("CT2866295.oldAppsList", "129363730258350254,129363730259600286,129363730260381540,1351900868972851174,1000082,129400804515194683,1000234,129417589124956435,129363730260850292,1000034,1000080,1000,1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1011,1012");
Deleted : user_pref("CT2866295.testingCtid", "");
Deleted : user_pref("CT2866295.toolbarAppMetaDataLastCheckTime", "Sat Feb 19 2011 10:21:47 GMT+0100");
Deleted : user_pref("CT2866295.toolbarContextMenuLastCheckTime", "Tue Jan 11 2011 15:32:27 GMT+0100");
Deleted : user_pref("CT2866295.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1258292/1253965/FR", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1295532/1291203/FR", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/FR", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2866295", "\"1297285337\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2903601", "\"1295951898\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "L+tncv4eqt6Qm5T3dzChdA==");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "SuMy8xgBA7+FodOxmk9aiQ==");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.0.19", "\"0652eeacc6cb1:0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.0.19", "\"8039ce950b0cb1:aef\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2866295", "\"634333631231730000\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2903601", "\"634333631231730000\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634293235860000000");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/2011 5:25:10 PM", "634335443890000000");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2010 4:33:06 PM", "634303635100000000");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/2011 12:59:49 PM", "634335443890000000");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2866295/CT2866295", "\"1297970948\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2903601/CT2903601", "\"1297969979\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"634322696881670000\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634322696881670000\"");
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2866295");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1.15");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2866295");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1.15");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2866295");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2866295");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Jun 06 2011 12:23:35 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Aug 28 2011 14:52:13 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Aug 28 2011 12:18:10 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "76649009-9e3f-4e4c-99df-3b331af9fdb4");
Deleted : user_pref("CommunityToolbar.globalUserId", "6aef15a9-57b9-44fa-b0ad-d856748d837b");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2903601");
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Jun 29 2011 21:53:45 GMT+0200");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Feb 19 2011 10:21:52 GMT+0100");
Deleted : user_pref("ConduitEngine.FirstServerDate", "01/11/2011 17");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Tue Jan 11 2011 15:32:26 GMT+0100");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Feb 19 2011 10:21:52 GMT+0100");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.0.19", "Sat Feb 19 2011 10:21:52 GMT+0100");
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Feb 19 2011 10:21:52 GMT+0100");
Deleted : user_pref("ConduitEngine.UserID", "UN51667868482141746");
Deleted : user_pref("ConduitEngine.engineLocale", "fr");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Feb 19 2011 10:21:52 GMT+0100");
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Feb 19 2011 10:21:52 GMT+0100");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("browser.search.defaultenginename", "SweetIM Search");
Deleted : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Google");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2903601&SearchSource=3&q={searchTerms}");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2866295&q=");
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{06B1CB6C-DD1E-11E0-A5EC-00A0D5FFF985}");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");

-\\ Google Chrome v [Impossible d'obtenir la version]

File : C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Supprimée :       "host_referral_list": [ 2, [ "hxxp://ad-emea.doubleclick.net/", [ "hxxp://akamai.smartadserver.com/", 2.2733802, "hxxp://at.alenty.com/", 2.2733802, "hxxp://s0.2mdn.net/", 2.9340205999999998, "hxxp://www.smartadserver.com/", 2.2733802, "hxxp://www.youtube.com/", 1.32060461512 ] ], [ "hxxp://ad-g.doubleclick.net/", [ "hxxp://akamai.smartadserver.com/", 2.2733802, "hxxp://at.alenty.com/", 2.2733802, "hxxp://s0.2mdn.net/", 2.9340205999999998, "hxxp://www.smartadserver.com/", 2.2733802 ] ], [ "hxxp://fr-fr.facebook.com/", [ "hxxp://static.ak.fbcdn.net/", 13.4975757810127 ] ], [ "hxxp://googleads.g.doubleclick.net/", [ "hxxp://s0.2mdn.net/", 2.2733802 ] ], [ "hxxp://home.sweetim.com/", [ "hxxp://search.sweetim.com/", 1.2772748859186118 ] ], [ "hxxp://s.ytimg.com/", [ "hxxp://ad-emea.doubleclick.net/", 5.576582199999999, "hxxp://googleads.g.doubleclick.net/", 2.6037003999999997, "hxxp://o-o.preferred.orange-par1.v13.lscache7.c.youtube.com/", 2.2733802, "hxxp://o-o.preferred.orange-par1.v17.lscache3.c.youtube.com/", 2.2733802, "hxxp://s.youtube.com/", 2.2733802, "hxxp://s.ytimg.com/", 3.2643407999999994, "hxxp://s0.2mdn.net/", 6.567542799999998, "hxxp://s2.youtube.com/", 2.6037003999999997, "hxxp://www.youtube.com/", 3.924981199999999 ] ], [ "hxxp://s0.2mdn.net/", [ "hxxp://motifcdn2.doubleclick.net/", 2.6037003999999997, "hxxp://rmcdn.2mdn.net/", 3.2643407999999994 ] ], [ "hxxp://search.sweetim.com/", [ "hxxp://ac1.sweetim.com/", 0.6824651644855917, "hxxp://ad.xtendmedia.com/", 1.3479141918872282, "hxxp://ad.yieldmanager.com/", 0.9901118572977747, "hxxp://ak1.abmr.net/", 1.500430932, "hxxp://cdn.search.sweetim.com/", 3.941368130972893, "hxxp://content.yieldmanager.com/", 1.0610127567062837, "hxxp://content.yieldmanager.edgesuite.net/", 0.8430014247062838, "hxxp://cookex.amp.yahoo.com/", 0.4851990901168303 ] ], [ "hxxp://www.google.com/", [ "hxxp://www.google.fr/", 2.025335319191497 ] ], [ "hxxp://www.google.fr/", [ "hxxp://id.google.fr/", 1.0104242112421828, "hxxp://news.google.fr/", 1.212556265039816, "hxxp://ssl.gstatic.com/", 1.6710646112421825, "hxxp://www.google.fr/", 10.39659781063936 ] ], [ "hxxp://www.grand-cordel.com/", [ "hxxp://fonts.googleapis.com/", 3.202453282482282, "hxxp://l.longtailvideo.com/", 3.202453282482282, "hxxp://themes.googleusercontent.com/", 2.025335319191497, "hxxp://www.grand-cordel.com/", 22.919179167602913 ] ], [ "hxxp://www.youtube.com/", [ "hxxp://ad-emea.doubleclick.net/", 1.0896103779792, "hxxp://ad-g.doubleclick.net/", 0.7485534501984, "hxxp://csi.gstatic.com/", 1.4581155930992, "hxxp://googleads.g.doubleclick.net/", 2.2733802, "hxxp://i1.ytimg.com/", 2.5942162464175995, "hxxp://i2.ytimg.com/", 3.0337376619759997, "hxxp://i3.ytimg.com/", 4.513762422411199, "hxxp://i4.ytimg.com/", 3.849623270852799, "hxxp://s.ytimg.com/", 2.3307819230751994, "hxxp://www.youtube.com/", 2.2733802 ] ], [ "hxxp://www.yroyto.com/", [ "hxxp://www.google-analytics.com/", 2.319614810014193, "hxxp://www.yroyto.com/", 9.382322589758898 ] ] ],
Supprimée :       "startup_list": [ 1, "hxxp://ac1.sweetim.com/", "hxxp://ad.xtendmedia.com/", "hxxp://ad.yieldmanager.com/", "hxxp://ak1.abmr.net/", "hxxp://cdn.search.sweetim.com/", "hxxp://content.yieldmanager.com/", "hxxp://content.yieldmanager.edgesuite.net/", "hxxp://home.sweetim.com/", "hxxp://search.sweetim.com/", "hxxp://wpad/" ]
Supprimée :    "homepage": "hxxp://home.sweetim.com/?barid={06B1CB6C-DD1E-11E0-A5EC-00A0D5FFF985}",
File is OK.

*************************

AdwCleaner[S1].txt - [24245 octets] - [06/11/2011 12:01:13]

*************************

Temporary folder :  : 13 folder(s)et 54 file(s) deleted

########## EOF - C:\AdwCleaner[S1].txt - [24462 octets] ##########
ahma
 
Messages: 7
Enregistré le: Mer 2 Nov 2011 11:59

Re: Fenêtres de pub intempestives

Messagepar docpc » Dim 6 Nov 2011 15:17

salut,

relance AdwCleaner et click sur [désinstallation]
encore des problémes :?:

@+ :bye:
Avatar de l’utilisateur
docpc
 
Messages: 195
Enregistré le: Mar 12 Mai 2009 19:25

Re: Fenêtres de pub intempestives

Messagepar ahma » Mer 9 Nov 2011 12:33

docpc a écrit:salut,

relance AdwCleaner et click sur [désinstallation]
encore des problémes :?:

@+ :bye:


Salut,
Apparemment cela fonctionne.
Merci infiniment pour cet aide.
:bye:
ahma
 
Messages: 7
Enregistré le: Mer 2 Nov 2011 11:59

Re: Fenêtres de pub intempestives

Messagepar docpc » Mer 9 Nov 2011 22:11

salut,


C’est OK,
je t'invite à lire ceci:
Les PUPsLPIs http://www.malekal.com/2011/07/27/detec ... d-program/

Pour aller plus loin : Sécuriser son ordinateur (version courte)

@+ :bye:
Avatar de l’utilisateur
docpc
 
Messages: 195
Enregistré le: Mar 12 Mai 2009 19:25

Re: Fenêtres de pub intempestives

Messagepar Lokai » Dim 9 Avr 2017 21:27

Personnellement, en installant AdwCleaner et Adwords, je n'ai plus de problème. J'ai aussi passé un coup de CCleaner avant.
Pour ma configuration si ça peut aider, j'ai cette configuration de PC à 500 €.
Lokai
 
Messages: 1
Enregistré le: Dim 9 Avr 2017 21:26


Retourner vers Désinfection de virus & nettoyage des nuisances

 


  • Articles en relation
    Réponses
    Vus
    Dernier message

Qui est en ligne

Utilisateurs parcourant ce forum : Aucun utilisateur enregistré et 0 invités