Author Topic: Win32:Evo-gen [Susp]  (Read 76656 times)

0 Members and 1 Guest are viewing this topic.

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6797
  • volunteer
Re: Win32:Evo-gen [Susp]
« Reply #30 on: August 25, 2014, 09:31:40 PM »
N'y aurai t'il pas un autre moyen ? (J'aime pas trop CCleaner ...) mais bon si y'a pas d'autres moyens ...
Si je met ne plus faire attention ou un truc dans le genre quand il me fait l'alerte sa marche pas ?

bien
nous courons l'utilitaire de nettoyage de disque

Appuyez sur Windows + R clés> Type cleanmgr. (Vous pouvez exécuter cette commande également l'administrateur d'une invite de commande élevée.)

Lorsque l'application s'ouvre, cochez les options qui sont:

• Téléchargé Program Files;
• Fichiers Internet temporaires;
• Pages Web hors ligne;
• Corbeille;
• Configuration des fichiers journaux;
• Les fichiers temporaires;
• Miniatures;
• Les fichiers à partir de Windows Error Reporting.

Et cliquez sur "OK".

Une fenêtre apparaît indiquant que tous les fichiers sélectionnés sont supprimés pour toujours. Pour continuer, sélectionnez Supprimer les fichiers

Patientez quelques instants
Prêt, le nettoyage de disque est terminé.
« Last Edit: August 25, 2014, 09:37:48 PM by jefferson santiag »

REDACTED

  • Guest
Re: Win32:Evo-gen [Susp]
« Reply #31 on: August 26, 2014, 08:10:20 AM »
Merci beaucoup ! Sa fonctionne ! Et en plus j'aurai appris à faire un nettoyage de disque merci beaucoup  !
« Last Edit: August 26, 2014, 08:25:14 AM by tibiscuit84 »

REDACTED

  • Guest
Re: Win32:Evo-gen [Susp]
« Reply #32 on: August 26, 2014, 08:30:33 AM »
Par contre quand je veux télécharger le logiciel Mineways, avast! met une alerte menace bloquée Win32:Evo-gen [Susp] juste après le téléchargement du fichier ZIP contenant le setup. Et là cela me le fait même après le nettoyage ...

Désolé pour toutes ces questions mais cela m'étonne car ce logiciel est utilisé par nombreux de mes amis et ils n'ont jamais eu de problèmes ...

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6797
  • volunteer
Re: Win32:Evo-gen [Susp]
« Reply #33 on: August 26, 2014, 01:34:19 PM »
Merci beaucoup ! Sa fonctionne ! Et en plus j'aurai appris à faire un nettoyage de disque merci beaucoup  !

soyez le bienvenu
problème de resolu.

Par contre quand je veux télécharger le logiciel Mineways, avast! met une alerte menace bloquée Win32:Evo-gen [Susp] juste après le téléchargement du fichier ZIP contenant le setup. Et là cela me le fait même après le nettoyage ...

Envoyer le fichier à analyser à virus@avast.com signaler le "faux positif"
S'il vous plaît mettre dans le format ZIP ou RAR.

soumettre FPs (faux positif)
http://www.avast.com/fr-fr/contact-form.php

REDACTED

  • Guest
Re: Win32:Evo-gen [Susp]
« Reply #34 on: August 30, 2014, 01:15:50 PM »
Mais je ne peu pas envoyer le fichier avast! m'empêche de le téléchatger !

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6797
  • volunteer
Re: Win32:Evo-gen [Susp]
« Reply #35 on: August 30, 2014, 09:35:22 PM »
Mais je ne peu pas envoyer le fichier avast! m'empêche de le téléchatger !

Bonjour.

vous devez désactiver temporairement protection avast

cliquez sur l'icône d'avast,Cliquer droit sur  dans la barre des tâches, sélectionnez gestion des agents Avast
désactiver pour une heures.

voir l'image jointe ci-dessous

REDACTED

  • Guest
Re: Win32:Evo-gen [Susp]
« Reply #36 on: October 03, 2014, 02:10:38 PM »
Bonjour !

Alors j'ignore si je peux poster ici, mais j'ai quant à moi le message "Infection Win32:Evo-gen" qui apparaît à chaque fois que j'allume le PC, en arrivant sur le bureau. L'icône d'Avast sur mon bureau n'est plus la même (c'est la même icône que lorsque Windows ne sais pas quel logiciel utiliser pour lire un fichier).


Infection bloquée

    URL
    hxxp://allowers.org/?e=pfvd&cht=2&dcu=1&cpatch=2&dcs=1&pf=1&unp=Azm9CdOLv7DVDyxECyFPg7x9Ae0KBfUKAe4MBG0VWznLDe4PBNq9geFI&publisher=1160&dd=4&country=FR&ind=3721070768697363645&exid=0&ssd=14947300893376744331&hid=17613310529382680174&osid=601&channel=0&sfx=1&n

    Infection
    Win32:Evo-gen [Susp]


Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6797
  • volunteer
Re: Win32:Evo-gen [Susp]
« Reply #37 on: October 03, 2014, 04:28:14 PM »
Bonjour !

Alors j'ignore si je peux poster ici, mais j'ai quant à moi le message "Infection Win32:Evo-gen" qui apparaît à chaque fois que j'allume le PC, en arrivant sur le bureau. L'icône d'Avast sur mon bureau n'est plus la même (c'est la même icône que lorsque Windows ne sais pas quel logiciel utiliser pour lire un fichier).


Infection bloquée

    URL
 
  hxxp://allowers.org/?exid=0&ssd=14947300893376744331&hid=17613310529382680174&osid=601&channel=0&sfx=1&n

    Infection    Win32:Evo-gen [Susp]

Bonjour.

Notre  suppression des malveillants est en vacances cette période, alors que ce problème est effectuée par l'expert de quelqu'un dans la section virus et les worm (virus and worms)

https://forum.avast.com/index.php?board=4.0

S'il vous plaît suivez ces étapes
vous pouvez trouver un autre forum si vous ne savez pas en anglais.

Télécharger Farbar Recovery Scan Tool et enregistrez-le sur votre bureau.
 
Note: Vous devez exécuter la version compatible avec votre système. Si vous n'êtes pas sûr de la version correspondant à votre système de les télécharger et d'essayer de les faire fonctionner. Un seul d'entre eux de s'exécuter sur votre système, qui sera la version correcte.
 
  • Faites un cliquez droit pour exécuter en tant qu'administrateur (sous Windows XP cliquez sur Exécuter après avoir reçu le Windows Sécurité d'avertissement- Ouvrir un fichier). Lorsque l'outil s'ouvre, cliquez sur yes pour avertissement.
  • Sélectionnez  additions  à la base.
  • Appuyez sur Scan .

  • Il va produire un dossier appelé  FRST.txt dans le même répertoire que l'outil est exécuté à partir.
  • S'il vous plaît joindre les deux journaux générés.

REDACTED

  • Guest
Re: Win32:Evo-gen [Susp]
« Reply #38 on: October 03, 2014, 05:21:46 PM »
Merci ! Je n'ai pas tout saisi le début de votre réponse concernant le spécialiste qui est en vacances, mais j'ai exécuté les commandes que vous m'avez demandé :

Voici les 2 rapports.

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6797
  • volunteer
Re: Win32:Evo-gen [Susp]
« Reply #39 on: October 03, 2014, 05:30:54 PM »
Merci ! Je n'ai pas tout saisi le début de votre réponse concernant le spécialiste qui est en vacances, mais j'ai exécuté les commandes que vous m'avez demandé :

Voici les 2 rapports.

exactement
rapports supprimer les logiciels malveillants.

Hello!

So I do not know if I can post here, but I for my part the message "Infection Win32: Evo-gen" which appears every time I turn on the PC, arriving on the desktop. Avast icon on my desktop is not the same (the same icon as when Windows does not know which program to use to read a file).


blocked infection

     URL
     hxxp://allowers.org/?e=pfvd&cht=2&dcu=1&cpatch=2&dcs=1&pf=1&unp=Azm9CdOLv7DVDyxECyFPg7x9Ae0KBfUKAe4MBG0VWznLDe4PBNq9geFI&publisher=1160&dd=4&country=FR&ind=3721070768697363645&exid=0&ssd=14947300893376744331&hid=17613310529382680174&osid=601&channel=0&sfx=1&n

     infection
     Win32: Evo-gen [Susp]

REDACTED

  • Guest
Re: Win32:Evo-gen [Susp]
« Reply #40 on: October 03, 2014, 06:42:00 PM »
Je ne comprends pas. Que dois-je faire maintenant, avec ces 2 rapports ? Dois-je attendre un autre intervenant ?

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6797
  • volunteer
Re: Win32:Evo-gen [Susp]
« Reply #41 on: October 04, 2014, 04:39:21 AM »
Je ne comprends pas. Que dois-je faire maintenant, avec ces 2 rapports ? Dois-je attendre un autre intervenant ?

Si vous n'écrivez pas en anglais, comme l'analyste et les logiciels malveillants ne comprend pas le domaine de la langue,Je ne peux pas aider à traduire le temps de forum est courte, vous pouvez utiliser le traducteur de Google
Utilisez ce forum 

http://sosvirus.net/

REDACTED

  • Guest
Re: Win32:Evo-gen [Susp]
« Reply #42 on: October 04, 2014, 03:18:32 PM »
Ok. I let you the 2 reports. What do I have to do now ?

REDACTED

  • Guest
Re: Win32:Evo-gen [Susp]
« Reply #43 on: October 05, 2014, 06:43:09 AM »
Hi Camus1440, :)

My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being ask.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.


  • Step #1 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instruction to remove/uninstall them.

      • FoxTab PDF Creator
    [/li]
    [/list]


    • Step #2 Fix with FRST
      Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
      • Open Notepad.exe. Do not use any other text editor software;
      • Copy and Paste the contents inside the code-box to your Notepad --
    Code: [Select]
    Start
    CustomCLSID: HKU\S-1-5-21-1715453859-3030074316-2178118280-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Benji144\AppData\Local\Temp\f2C0.exe ()
    C:\Users\Benji144\AppData\Local\Temp\f2C0.exe
    IFEO\bpsvc.exe: [Debugger] tasklist.exe
    IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
    IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
    IFEO\jumpflip: [Debugger] tasklist.exe
    IFEO\protectedsearch.exe: [Debugger] tasklist.exe
    IFEO\searchinstaller.exe: [Debugger] tasklist.exe
    IFEO\searchprotection.exe: [Debugger] tasklist.exe
    IFEO\searchprotector.exe: [Debugger] tasklist.exe
    IFEO\searchsettings.exe: [Debugger] tasklist.exe
    IFEO\searchsettings64.exe: [Debugger] tasklist.exe
    IFEO\snapdo.exe: [Debugger] tasklist.exe
    IFEO\stinst32.exe: [Debugger] tasklist.exe
    IFEO\stinst64.exe: [Debugger] tasklist.exe
    IFEO\umbrella.exe: [Debugger] tasklist.exe
    IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
    IFEO\volaro: [Debugger] tasklist.exe
    IFEO\vonteera: [Debugger] tasklist.exe
    IFEO\websteroids.exe: [Debugger] tasklist.exe
    IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
    HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
    HKLM\...\AppCertDlls: [x86] -> c:\program files\movies toolbar\datamngr\apcrtldr.dll <===== ATTENTION
    c:\program files\movies toolbar
    SearchScopes: HKLM - {4EFC32AB-14DB-20D8-569D-237DA239B5D3} URL = http://www.searchqu.com//web?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
    SearchScopes: HKCU - DefaultScope {4EFC32AB-14DB-20D8-569D-237DA239B5D3} URL = http://search.iminent.com/?appId=[AppInstanceUid]&ref=toolbox&q={searchTerms}
    SearchScopes: HKCU - {4EFC32AB-14DB-20D8-569D-237DA239B5D3} URL = http://search.iminent.com/?appId=[AppInstanceUid]&ref=toolbox&q={searchTerms}
    SearchScopes: HKCU - {810D2A3B-77EE-49E0-9FC7-23ACD520B06D} URL = http://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=4aee7a9e0000000000006c626dee1dbd&q={searchTerms}&r=282
    CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-362&v=a9396-116&t=4"
    C:\Users\Benji144\AppData\Local\Temp\5103ff6c-cd27-4d85-ad53-8d43e8eaf670.exe
    C:\Users\Benji144\AppData\Local\Temp\7za.exe
    C:\Users\Benji144\AppData\Local\Temp\A1CeeBaB.exe
    C:\Users\Benji144\AppData\Local\Temp\AAMHelper.exe
    C:\Users\Benji144\AppData\Local\Temp\AdobeApplicationManager.exe
    C:\Users\Benji144\AppData\Local\Temp\AskPIP_FF_.exe
    C:\Users\Benji144\AppData\Local\Temp\BingBarSetup-Partner.exe
    C:\Users\Benji144\AppData\Local\Temp\BundleSweetIMSetup.exe
    C:\Users\Benji144\AppData\Local\Temp\Creative Cloud Helper.exe
    C:\Users\Benji144\AppData\Local\Temp\CreativeCloudSet-Up.exe
    C:\Users\Benji144\AppData\Local\Temp\Delta.exe
    C:\Users\Benji144\AppData\Local\Temp\DeltaTB.exe
    C:\Users\Benji144\AppData\Local\Temp\dotNetFx40_Full_setup.exe
    C:\Users\Benji144\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphzu6yp.dll
    C:\Users\Benji144\AppData\Local\Temp\f2C0.exe
    C:\Users\Benji144\AppData\Local\Temp\installhelper.dll
    C:\Users\Benji144\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\Benji144\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\Benji144\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\Benji144\AppData\Local\Temp\Kreapixel_addonAcPro.exe
    C:\Users\Benji144\AppData\Local\Temp\L6GPInst.dll
    C:\Users\Benji144\AppData\Local\Temp\mirc719.exe
    C:\Users\Benji144\AppData\Local\Temp\MSETUP4.EXE
    C:\Users\Benji144\AppData\Local\Temp\MyBabylonTB.exe
    C:\Users\Benji144\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\Benji144\AppData\Local\Temp\OfertaBubbledockInstaller_FR.exe
    C:\Users\Benji144\AppData\Local\Temp\OfertaColoors_Boxore.exe
    C:\Users\Benji144\AppData\Local\Temp\OfertaColoors_SaveClicker.exe
    C:\Users\Benji144\AppData\Local\Temp\OfertaLauncher.exe
    C:\Users\Benji144\AppData\Local\Temp\OfertaloffinamSetup.exe
    C:\Users\Benji144\AppData\Local\Temp\Ofertarcpsetup_colppi.exe
    C:\Users\Benji144\AppData\Local\Temp\propsys.dll
    C:\Users\Benji144\AppData\Local\Temp\push.exe
    C:\Users\Benji144\AppData\Local\Temp\Quarantine.exe
    C:\Users\Benji144\AppData\Local\Temp\Setup.exe
    C:\Users\Benji144\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Benji144\AppData\Local\Temp\SpotifyUninstall.exe
    C:\Users\Benji144\AppData\Local\Temp\SRAssetsHelper.dll
    C:\Users\Benji144\AppData\Local\Temp\SRLDetectionLibrary2165102420948202036.dll
    C:\Users\Benji144\AppData\Local\Temp\SRLDetectionLibrary2457771221875625475.dll
    C:\Users\Benji144\AppData\Local\Temp\SRLDetectionLibrary5362781648379981408.dll
    C:\Users\Benji144\AppData\Local\Temp\ubi3612.tmp.exe
    C:\Users\Benji144\AppData\Local\Temp\ubi5FB1.tmp.exe
    C:\Users\Benji144\AppData\Local\Temp\ubiEFB0.tmp.exe
    C:\Users\Benji144\AppData\Local\Temp\Uni000.exe
    C:\Users\Benji144\AppData\Local\Temp\uninstall.exe
    C:\Users\Benji144\AppData\Local\Temp\update2336293.exe
    C:\Users\Benji144\AppData\Local\Temp\vlc-2.1.5-win32.exe
    C:\Users\Benji144\AppData\Local\Temp\WebAdSystem_setup.exe
    C:\Users\Benji144\AppData\Local\Temp\WLM2011Installer.exe
    C:\Users\Benji144\AppData\Local\Temp\WLM_2011.exe
    C:\Users\Benji144\AppData\Local\Temp\WSSetup.exe
    C:\Users\Benji144\AppData\Local\Temp\_is361C.exe
    C:\Users\Benji144\AppData\Local\Temp\_is4F47.exe
    C:\Users\Benji144\AppData\Local\Temp\_is60BA.exe
    C:\Users\Benji144\AppData\Local\Temp\_is967.exe
    Emptytemp:
    End
      • Click on File > Save as...
        • Inside the File Name box type fixlist.txt;
        • From the Save as type drop down list, choose All Files
      • Save the file to your Desktop;
      • Re-run FRST.exe and click Fix;
        Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.



    • Step #3 Fix with AdwCleaner
      • Download AdwCleaner by Xplode to your Desktop from the following link.
      • Right-click on AdwCleaner.exe and choose Run as administrator;
      • Click on Scan and let the program run unhindered;
      • When done, click on Clean and allow the system to reboot after it is done;
      • A log will be opened automatically after the restart;
      • Attach the log in your reply.


    • Step #4 Fix with Junkware Removal Tool
      Download Junkware Removal Tool by thisisu to your Desktop from the link below.
      Download Link 1
      Download Link 2
      • Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;
      • Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);
      • Please be patient as the tool cleans your system;
      • After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;
      • Attach the log in your next reply.


    From this thread perform the aswMBR and RogueKiller steps and attach the logs.



    • Required Log(s):
      • FRST Fix Log
      • AdwCleaner Log
      • Junkware Removal Tool Log
      • aswMBR Log
      • RogueKiller Report
    Regards,
    Valinorum

    REDACTED

    • Guest
    Re: Win32:Evo-gen [Susp]
    « Reply #44 on: October 05, 2014, 01:35:38 PM »
    Step 1 : It didn't work first, with many error messages. But it removed the programm all alonea few minutes later.

    Step 2 : I did not understand if I have to join the file or if I have to paste it here. I try the second choice :

    Quote
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-10-2014
    Ran by Benji144 at 2014-10-05 13:04:22 Run:1
    Running from C:\Users\Benji144\Desktop
    Loaded Profile: Benji144 (Available profiles: Benji144 & UpdatusUser)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    Start
    CustomCLSID: HKU\S-1-5-21-1715453859-3030074316-2178118280-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Benji144\AppData\Local\Temp\f2C0.exe ()
    C:\Users\Benji144\AppData\Local\Temp\f2C0.exe
    IFEO\bpsvc.exe: [Debugger] tasklist.exe
    IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
    IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
    IFEO\jumpflip: [Debugger] tasklist.exe
    IFEO\protectedsearch.exe: [Debugger] tasklist.exe
    IFEO\searchinstaller.exe: [Debugger] tasklist.exe
    IFEO\searchprotection.exe: [Debugger] tasklist.exe
    IFEO\searchprotector.exe: [Debugger] tasklist.exe
    IFEO\searchsettings.exe: [Debugger] tasklist.exe
    IFEO\searchsettings64.exe: [Debugger] tasklist.exe
    IFEO\snapdo.exe: [Debugger] tasklist.exe
    IFEO\stinst32.exe: [Debugger] tasklist.exe
    IFEO\stinst64.exe: [Debugger] tasklist.exe
    IFEO\umbrella.exe: [Debugger] tasklist.exe
    IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
    IFEO\volaro: [Debugger] tasklist.exe
    IFEO\vonteera: [Debugger] tasklist.exe
    IFEO\websteroids.exe: [Debugger] tasklist.exe
    IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
    HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
    HKLM\...\AppCertDlls: [x86] -> c:\program files\movies toolbar\datamngr\apcrtldr.dll <===== ATTENTION
    c:\program files\movies toolbar
    SearchScopes: HKLM - {4EFC32AB-14DB-20D8-569D-237DA239B5D3} URL = http://www.searchqu.com//web?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
    SearchScopes: HKCU - DefaultScope {4EFC32AB-14DB-20D8-569D-237DA239B5D3} URL = http://search.iminent.com/?appId=[AppInstanceUid]&ref=toolbox&q={searchTerms}
    SearchScopes: HKCU - {4EFC32AB-14DB-20D8-569D-237DA239B5D3} URL = http://search.iminent.com/?appId=[AppInstanceUid]&ref=toolbox&q={searchTerms}
    SearchScopes: HKCU - {810D2A3B-77EE-49E0-9FC7-23ACD520B06D} URL = http://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=4aee7a9e0000000000006c626dee1dbd&q={searchTerms}&r=282
    CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-362&v=a9396-116&t=4"
    C:\Users\Benji144\AppData\Local\Temp\5103ff6c-cd27-4d85-ad53-8d43e8eaf670.exe
    C:\Users\Benji144\AppData\Local\Temp\7za.exe
    C:\Users\Benji144\AppData\Local\Temp\A1CeeBaB.exe
    C:\Users\Benji144\AppData\Local\Temp\AAMHelper.exe
    C:\Users\Benji144\AppData\Local\Temp\AdobeApplicationManager.exe
    C:\Users\Benji144\AppData\Local\Temp\AskPIP_FF_.exe
    C:\Users\Benji144\AppData\Local\Temp\BingBarSetup-Partner.exe
    C:\Users\Benji144\AppData\Local\Temp\BundleSweetIMSetup.exe
    C:\Users\Benji144\AppData\Local\Temp\Creative Cloud Helper.exe
    C:\Users\Benji144\AppData\Local\Temp\CreativeCloudSet-Up.exe
    C:\Users\Benji144\AppData\Local\Temp\Delta.exe
    C:\Users\Benji144\AppData\Local\Temp\DeltaTB.exe
    C:\Users\Benji144\AppData\Local\Temp\dotNetFx40_Full_setup.exe
    C:\Users\Benji144\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphzu6yp.dll
    C:\Users\Benji144\AppData\Local\Temp\f2C0.exe
    C:\Users\Benji144\AppData\Local\Temp\installhelper.dll
    C:\Users\Benji144\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\Benji144\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\Benji144\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\Benji144\AppData\Local\Temp\Kreapixel_addonAcPro.exe
    C:\Users\Benji144\AppData\Local\Temp\L6GPInst.dll
    C:\Users\Benji144\AppData\Local\Temp\mirc719.exe
    C:\Users\Benji144\AppData\Local\Temp\MSETUP4.EXE
    C:\Users\Benji144\AppData\Local\Temp\MyBabylonTB.exe
    C:\Users\Benji144\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\Benji144\AppData\Local\Temp\OfertaBubbledockInstaller_FR.exe
    C:\Users\Benji144\AppData\Local\Temp\OfertaColoors_Boxore.exe
    C:\Users\Benji144\AppData\Local\Temp\OfertaColoors_SaveClicker.exe
    C:\Users\Benji144\AppData\Local\Temp\OfertaLauncher.exe
    C:\Users\Benji144\AppData\Local\Temp\OfertaloffinamSetup.exe
    C:\Users\Benji144\AppData\Local\Temp\Ofertarcpsetup_colppi.exe
    C:\Users\Benji144\AppData\Local\Temp\propsys.dll
    C:\Users\Benji144\AppData\Local\Temp\push.exe
    C:\Users\Benji144\AppData\Local\Temp\Quarantine.exe
    C:\Users\Benji144\AppData\Local\Temp\Setup.exe
    C:\Users\Benji144\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Benji144\AppData\Local\Temp\SpotifyUninstall.exe
    C:\Users\Benji144\AppData\Local\Temp\SRAssetsHelper.dll
    C:\Users\Benji144\AppData\Local\Temp\SRLDetectionLibrary2165102420948202036.dll
    C:\Users\Benji144\AppData\Local\Temp\SRLDetectionLibrary2457771221875625475.dll
    C:\Users\Benji144\AppData\Local\Temp\SRLDetectionLibrary5362781648379981408.dll
    C:\Users\Benji144\AppData\Local\Temp\ubi3612.tmp.exe
    C:\Users\Benji144\AppData\Local\Temp\ubi5FB1.tmp.exe
    C:\Users\Benji144\AppData\Local\Temp\ubiEFB0.tmp.exe
    C:\Users\Benji144\AppData\Local\Temp\Uni000.exe
    C:\Users\Benji144\AppData\Local\Temp\uninstall.exe
    C:\Users\Benji144\AppData\Local\Temp\update2336293.exe
    C:\Users\Benji144\AppData\Local\Temp\vlc-2.1.5-win32.exe
    C:\Users\Benji144\AppData\Local\Temp\WebAdSystem_setup.exe
    C:\Users\Benji144\AppData\Local\Temp\WLM2011Installer.exe
    C:\Users\Benji144\AppData\Local\Temp\WLM_2011.exe
    C:\Users\Benji144\AppData\Local\Temp\WSSetup.exe
    C:\Users\Benji144\AppData\Local\Temp\_is361C.exe
    C:\Users\Benji144\AppData\Local\Temp\_is4F47.exe
    C:\Users\Benji144\AppData\Local\Temp\_is60BA.exe
    C:\Users\Benji144\AppData\Local\Temp\_is967.exe
    Emptytemp:
    End
    *****************

    "HKU\S-1-5-21-1715453859-3030074316-2178118280-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}" => Key deleted successfully.
    C:\Users\Benji144\AppData\Local\Temp\f2C0.exe => Moved successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully.
    HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => value deleted successfully.
    HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => value deleted successfully.
    "c:\program files\movies toolbar" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4EFC32AB-14DB-20D8-569D-237DA239B5D3}" => Key deleted successfully.
    "HKCR\CLSID\{4EFC32AB-14DB-20D8-569D-237DA239B5D3}" => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4EFC32AB-14DB-20D8-569D-237DA239B5D3}" => Key deleted successfully.
    "HKCR\CLSID\{4EFC32AB-14DB-20D8-569D-237DA239B5D3}" => Key not found.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{810D2A3B-77EE-49E0-9FC7-23ACD520B06D}" => Key deleted successfully.
    "HKCR\CLSID\{810D2A3B-77EE-49E0-9FC7-23ACD520B06D}" => Key not found.
    Chrome StartupUrls deleted successfully.
    C:\Users\Benji144\AppData\Local\Temp\5103ff6c-cd27-4d85-ad53-8d43e8eaf670.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\7za.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\A1CeeBaB.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\AAMHelper.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\AdobeApplicationManager.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\AskPIP_FF_.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\BingBarSetup-Partner.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\BundleSweetIMSetup.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\Creative Cloud Helper.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\CreativeCloudSet-Up.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\Delta.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\DeltaTB.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\dotNetFx40_Full_setup.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphzu6yp.dll => Moved successfully.
    "C:\Users\Benji144\AppData\Local\Temp\f2C0.exe" => File/Directory not found.
    C:\Users\Benji144\AppData\Local\Temp\installhelper.dll => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\Kreapixel_addonAcPro.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\L6GPInst.dll => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\mirc719.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\MSETUP4.EXE => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\MyBabylonTB.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\OfertaBubbledockInstaller_FR.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\OfertaColoors_Boxore.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\OfertaColoors_SaveClicker.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\OfertaLauncher.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\OfertaloffinamSetup.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\Ofertarcpsetup_colppi.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\propsys.dll => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\push.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\Setup.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\SpotifyUninstall.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\SRAssetsHelper.dll => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\SRLDetectionLibrary2165102420948202036.dll => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\SRLDetectionLibrary2457771221875625475.dll => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\SRLDetectionLibrary5362781648379981408.dll => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\ubi3612.tmp.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\ubi5FB1.tmp.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\ubiEFB0.tmp.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\Uni000.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\uninstall.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\update2336293.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\vlc-2.1.5-win32.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\WebAdSystem_setup.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\WLM2011Installer.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\WLM_2011.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\WSSetup.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\_is361C.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\_is4F47.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\_is60BA.exe => Moved successfully.
    C:\Users\Benji144\AppData\Local\Temp\_is967.exe => Moved successfully.
    EmptyTemp: => Removed 17.6 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====


    Step 3 :

    Quote
    # AdwCleaner v3.311 - Rapport créé le 05/10/2014 à 13:43:49
    # Mis à jour le 30/09/2014 par Xplode
    # Système d'exploitation : Windows 7 Ultimate Service Pack 1 (32 bits)
    # Nom d'utilisateur : Benji144 - BENJI144-PC
    # Exécuté depuis : C:\Users\Benji144\Desktop\adwcleaner_3.311.exe
    # Option : Nettoyer

    ***** [ Services ] *****


    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
    Dossier Supprimé : C:\Program Files\Free Video Converter
    Dossier Supprimé : C:\Users\Benji144\AppData\Roaming\Systweak
    Dossier Supprimé : C:\Users\Benji144\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
    Fichier Supprimé : C:\Windows\system32\roboot.exe
    Fichier Supprimé : C:\Users\Benji144\AppData\Roaming\Mozilla\Firefox\Profiles\f1ybergn.default-1398531465893\invalidprefs.js

    ***** [ Tâches planifiées ] *****

    Tâche Supprimée : Dealply
    Tâche Supprimée : MySearchDial
    Tâche Supprimée : Searchya

    ***** [ Raccourcis ] *****


    ***** [ Registre ] *****

    Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
    Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASAPI32
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASMANCS
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
    Clé Supprimée : HKCU\Software\systweak
    Clé Supprimée : HKLM\SOFTWARE\DataMngr
    Clé Supprimée : HKLM\SOFTWARE\DealPly
    Clé Supprimée : HKLM\SOFTWARE\systweak
    Clé Supprimée : HKLM\SOFTWARE\Wajam

    ***** [ Navigateurs ] *****

    -\\ Internet Explorer v11.0.9600.17280


    -\\ Mozilla Firefox v32.0.3 (x86 fr)

    [ Fichier : C:\Users\Benji144\AppData\Roaming\Mozilla\Firefox\Profiles\f1ybergn.default-1398531465893\prefs.js ]


    -\\ Google Chrome v37.0.2062.124

    [ Fichier : C:\Users\Benji144\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Supprimée [Extension] : ejocekekgcaldnmjngfdbmbeebcekelc

    *************************

    AdwCleaner[R0].txt - [30620 octets] - [26/04/2014 18:47:25]
    AdwCleaner[R1].txt - [2380 octets] - [05/10/2014 13:39:28]
    AdwCleaner[S0].txt - [31014 octets] - [26/04/2014 18:48:47]
    AdwCleaner[S1].txt - [2322 octets] - [05/10/2014 13:43:49]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2382 octets] ##########

    « Last Edit: October 05, 2014, 01:52:58 PM by Camus1440 »