Bonjour, je reçois plusieurs virus par jour que je met en quarantaine ou que je supprime. Très souvent au démarrage il revienne même après avoir coché la case "répéter cette action sans demander pour ce type de virus."! Je sollicite votre aide une seconde fois pendant que mon pc n'est pas encore complètement foutu... Mes problèmes: -Étant administrateur je n'ai pas accès au panneau de configuration car je ne suis pas administrateur O_o' ! -Divers problème apparaissent de temps en temps tel que : le PC ne sais plus avec quel logiciel ouvrir un fichier donc l'extension est ... (pour tout les type de fichier) au redémarrage ça re-fonctionne -_-' -Les antivirus que "Avira AntiVir Personal" supprime revienne après redémarrage... -Firefox ne me connecte plus automatiquement même après suppressions des cookies etc... et activation de l'option pour loger automatiquement sur les sites.... Constatations bisares a mes yeux: -Je ne lag pas pour autant... -Pas de problèmes d'extinction s du PC toute seule etc... -Pas de problème perte de compte ou autres... Je suis ouvert à tour! Merci, Bye Configuration: Windows Vista / Firefox 3.6.10

salut il ne faut pas poster plusieurs fois pour un meme sujet Télécharge ici :OTL &#9654 enregistre le sur ton Bureau. si tu as XP => double clique si tu as Vista ou windows 7 => clic droit "executer en tant que...." sur OTL.exe pour le lancer. &#9654 Coche les 2 cases Lop et Purity &#9654 Coche la case devant tous les utilisateurs &#9654 règle age du fichier sur "60 jours" &#9654 dans la moitié gauche , mets tout sur "tous" ne modifie pas ceci : "fichiers créés" et "fichiers Modifiés" &#9654Clic sur Analyse. A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt). Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt) &#9654&#9654&#9654 NE LE POSTE PAS SUR LE FORUM Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/ &#9654 Clique sur Parcourir et cherche le fichier ci-dessus. &#9654 Clique sur Ouvrir. &#9654 Clique sur "Cliquez ici pour déposer le fichier". juste au niveau du bouton , en fin de chargement du fichier , Un lien de cette forme apparaitra : http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt &#9654 Copie ce lien dans ta réponse. &#9654&#9654 Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.

si tu as XP => double clique si tu as Vista ou windows 7 => clic droit "executer en tant que...." &#9654 Relance List_Kill'em,avec le raccourci sur ton bureau. mais cette fois-ci : &#9654 choisis l'Option Clean laisse travailler l'outil. en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau , &#9654 colle le contenu dans ta reponse

Virus causant divers problèmes sur mon PC...

Réponse 21 / 95

thuthur76 Messages postés 196 Date d'inscription mercredi 10 décembre 2008 Statut Membre Dernière intervention 26 juillet 2013 22
20 oct. 2010 à 09:07

Mais, ca serais bien des hack de jeu ces machins! A tout les coups les virus viennent de mon frère qui s'amuse a essayer d'hacker sur warrock!

http://www.virustotal.com/file-scan/reanalysis.html?id=0330577c4c357e4d59acc4565a12e7f458bc38571d9ae088bdc0ae8bd18f5cc2-1287558204

Pour le premier et :

http://www.virustotal.com/file-scan/report.html?id=38bfe763b33db9ad29f9ef92199ee3db322abd383bd3d6786acd98b5de7a3b51-1287558265

Et pis y a tout de même pas mal de virus apparement dans le log ><

Réponse 22 / 95

thuthur76 Messages postés 196 Date d'inscription mercredi 10 décembre 2008 Statut Membre Dernière intervention 26 juillet 2013 22
20 oct. 2010 à 09:11

A oui je ne sais pas pourquoi je ne peux visionner aucune video de n'importe quel site là...

Réponse 23 / 95

Utilisateur anonyme
20 oct. 2010 à 14:35

DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!! (car l'outil est detecté a tort comme infection contenant un module qui sert à arrêter des processus , et un autre servant à prendre des droits dans le registre pour effectuer des suppressions)

▶ Télécharge ici :List_Kill'em

et enregistre le sur ton bureau

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."

sur le raccourci sur ton bureau pour lancer l'installation

Laisse coché :

♦ Executer List_Kill'em

une fois terminée , clic sur "terminer" et le programme se lancera seul

Il commencera par telecharger et installer ses mises à jour , puis te donnera son menu

choisis l'option Search

▶ laisse travailler l'outil

il se peut qu'une boite de dialogue s'ouvre , dans ce cas clique sur "ok" ou "Agree"

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.

▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

▶▶▶ NE LE POSTE PAS SUR LE FORUM

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

▶ Clique sur Parcourir et cherche le fichier C:\List'em.txt

▶ Clique sur Ouvrir.

▶ Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt

est ajouté dans la page.

▶ Copie ce lien dans ta réponse.

▶ Fais de même avec more.txt qui se trouve sur ton bureau

Réponse 24 / 95

thuthur76 Messages postés 196 Date d'inscription mercredi 10 décembre 2008 Statut Membre Dernière intervention 26 juillet 2013 22
20 oct. 2010 à 16:30

Merci j'ai quand même eu un moment de doute quand tu m'as dis de désactiver l'antivirus... Et oui je me suis dit que pour avoir autant de virus ça doit être une passoire donc je me suis demandé si c'était utile x')
M'enfin je peux continuer d'utiliser mon pc ou pas ?

Réponse 25 / 95

thuthur76 Messages postés 196 Date d'inscription mercredi 10 décembre 2008 Statut Membre Dernière intervention 26 juillet 2013 22
20 oct. 2010 à 16:49

C'est bisard il m'a demander quelques chose en anglais... J'ai répondu "decline"

List'em:

http://www.cijoint.fr/cjlink.php?file=cj201010/cijZdPSsez.txt

More:

http://www.cijoint.fr/cjlink.php?file=cj201010/cijGPy5vQR.txt

Réponse 26 / 95

Utilisateur anonyme
20 oct. 2010 à 19:16

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."

▶ Relance List_Kill'em,avec le raccourci sur ton bureau.

mais cette fois-ci :

▶ choisis l'Option Clean

laisse travailler l'outil.

en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

▶ colle le contenu dans ta reponse

Réponse 27 / 95

thuthur76 Messages postés 196 Date d'inscription mercredi 10 décembre 2008 Statut Membre Dernière intervention 26 juillet 2013 22
20 oct. 2010 à 19:52

Merci je poste le scan quand il est fini ;)
Sinon quel logiciel je peux utiliser de temps en temps pour supprimer les possibles virus sur mon pc sans qu'il y est de problème ?

Merci ;)

Bye

Réponse 28 / 95

thuthur76 Messages postés 196 Date d'inscription mercredi 10 décembre 2008 Statut Membre Dernière intervention 26 juillet 2013 22
20 oct. 2010 à 20:11

¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.1.0 ¤¤¤¤¤¤¤¤¤¤

User : Arthur (Administrateurs)
Update on 19/10/2010 by g3n-h@ckm@n ::::: 14.30
Start at: 19:47:54 thuthur-- | 20/10/2010

Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18975
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 228,13 Go (35,21 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 227,87 Go (1,69 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM | 556,13 Mo (0 Mo free) [7227] | CDFS
H:\ -> Disque amovible
I:\ -> Disque amovible
K:\ -> Disque amovible
N:\ -> Disque amovible
O:\ -> Disque amovible

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\ProgramData\BM6700e581.txt
Quarantined & Deleted !! : C:\ProgramData\BM6700e581.xml
Quarantined & Deleted !! : C:\ProgramData\ezsid.dat
Quarantined & Deleted !! : C:\ProgramData\hpzinstall.log
Quarantined & Deleted !! : C:\ProgramData\LauncherAccess.dt
Quarantined & Deleted !! : C:\ProgramData\LUUnInstall.LiveUpdate
Quarantined & Deleted !! : C:\ProgramData\pskt.ini
Quarantined & Deleted !! : C:\ProgramData\.zreglib
Quarantined & Deleted !! : C:\Program Files\Cheat Engine\dbk32.sys
Quarantined & Deleted !! : C:\Program Files\WinPCap
Quarantined & Deleted !! : C:\Windows\meta4.exe

Quarantined & Deleted !! : C:\Windows\System32\ealregsnapshot1.reg
Quarantined & Deleted !! : C:\Windows\System32\x64
Quarantined & Deleted !! : C:\Users\Arthur\MPEG4Modifier.exe
Quarantined & Deleted !! : C:\Users\Arthur\Reflet.exe
Quarantined & Deleted !! : C:\Users\Arthur\AppData\Local\dzxmkadm.bat
Quarantined & Deleted !! : C:\Users\Arthur\AppData\Local\gfizbssl.bat
Quarantined & Deleted !! : C:\Users\Arthur\AppData\Local\gfzslt.bat
Quarantined & Deleted !! : C:\Users\Arthur\AppData\Local\hizabuvw.bat
Quarantined & Deleted !! : C:\Users\Arthur\AppData\Local\jcxanil.bat
Quarantined & Deleted !! : C:\Users\Arthur\AppData\Local\d3d9caps.dat
Quarantined & Deleted !! : C:\Users\Arthur\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Users\Arthur\AppData\Local\saequuk.dat
Quarantined & Deleted !! : C:\Users\Arthur\AppData\Local\xjafghs.dat
Quarantined & Deleted !! : C:\Users\Arthur\Local Settings\Temp\alm.log
Quarantined & Deleted !! : C:\Users\Arthur\Local Settings\Temp\amt.log
Quarantined & Deleted !! : C:\Users\Arthur\LOCAL Settings\Temp\VSUSetup.exe
Quarantined & Deleted !! : C:\Users\Arthur\LOCAL Settings\Temp\50340359.dat
Quarantined & Deleted !! : C:\Users\Arthur\LOCAL Settings\Temp\NGMDll.dll
Quarantined & Deleted !! : C:\Users\Arthur\LOCAL Settings\Temp\NGMResource.dll
Quarantined & Deleted !! : C:\Users\Arthur\LOCAL Settings\Temp\unicows.dll
Deleted !! : C:\$Recycle.bin\S-1-5-21-285529066-2399538075-2089067347-1002\$IC8DZ87.lnk
Deleted !! : C:\$Recycle.bin\S-1-5-21-285529066-2399538075-2089067347-1002\$INUIWX3
Deleted !! : C:\$Recycle.bin\S-1-5-21-285529066-2399538075-2089067347-1002\$RC8DZ87.lnk

¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤

127.0.0.1 localhost

¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar : {32099AAC-C132-4136-9E9A-4E364A424E17}
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Deleted : HKCR\CLSID\{0055c089-8582-441b-a0bf-17b458c2a3a8}
Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{21ba420e-161c-413a-b21e-4e42ae1f4226}
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{453db0c5-f41c-4d97-8dd6-cc72ecd5f699}
Deleted : HKCR\Interface\{4afc07d0-59bb-46b8-b097-1a46e88eef71}
Deleted : HKCR\Interface\{6511ce4c-4722-40d0-ad3d-4afa2f50978a}
Deleted : HKCR\Interface\{b86d82bf-d39f-439a-a07c-43eddc6f6ea6}
Deleted : HKCR\Interface\{da6305b9-0869-4235-8c1d-533a65e639e5}
Deleted : HKCR\Interface\{f8b4ec8a-2407-4be0-aee2-0f430d65a90d}
Deleted : HKCR\Interface\{f9c23cd1-6da9-4e0b-8367-c6f9f1f78baf}
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0fb6a909-6086-458f-bd92-1f8ee10042a0}
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0fb6a909-6086-458f-bd92-1f8ee10042a0}
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89f88394-3828-4d03-a0cf-8203604c3da6}
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d4233f04-1789-483c-a137-731e8f113dd5}
Deleted : HKLM\SYSTEM\CurrentControlSet\Services\NPF
Deleted : HKLM\SYSTEM\ControlSet002\Services\NPF

¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 ()
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
FirstRunDisabled = 1 ()

¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤

Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

FEATURE_BROWSER_EMULATION | svchost :
====================================

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
kernel: MBR read successfully
user & kernel MBR OK

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Réponse 29 / 95

Utilisateur anonyme
20 oct. 2010 à 21:40

Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

▶ Télécharge ici :

Malwarebytes

ou :

Malwarebytes

▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

▶ Potasses le Tuto pour te familiariser avec le prg :

( cela dit, il est très simple d'utilisation ).

relance malwarebytes en suivant scrupuleusement ces consignes :

! Déconnecte toi et ferme toutes applications en cours !

▶ Lance Malwarebyte's .

Fais un examen dit "Complet" .

▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
▶ Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

▶ Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

▶ Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

Réponse 30 / 95

thuthur76 Messages postés 196 Date d'inscription mercredi 10 décembre 2008 Statut Membre Dernière intervention 26 juillet 2013 22
21 oct. 2010 à 13:01

A la suppression des virus a la fin il m'a dit "Erreur 13 type incompatible."
Et autre chose :s pourquoi je n'ai pas de rapport qui date de ce matin j'ai que :
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3871
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

20/08/2010 15:33:40 thuthur--
mbam-log-2010-08-20 (15-33-40).txt

Type de recherche: Examen rapide
Eléments examinés: 147321
Temps écoulé: 11 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 58
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 9
Fichier(s) infecté(s): 17

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\shopperreports.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.hbax.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.hbinfoband (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.hbinfoband.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.iebutton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.iebutton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.iebuttona (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.iebuttona.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.rprtctrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.rprtctrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9bec9b38-bf39-4899-806e-a1c5dfeb60a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e6961c59-cfce-4ccd-b794-bc78db98413a} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dee758b4-c3fb-4a5b-9939-848b9c77a2fb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{573f4abb-a1a2-44ed-9ba9-a8dad40aac46} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{71e02280-5212-45c3-b174-4d5a35da254f} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{396cfc12-932d-496b-a0a8-5d7201e105e1} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{60da826c-b1c6-4358-bdec-4837ced45470} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{74c22317-5b90-471f-9ad2-fec049870a16} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c1089f63-7afc-4538-b0eb-bea0f4225a57} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{02aed140-2b62-4b49-8b3b-179020cc39b9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17bf1e05-c0e8-413c-bd1f-a481eea3b8e9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{83b2fe06-ba20-4f7d-96c6-6fc3a4e877d3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b32966a2-f7c2-4362-a6cf-399ec8b44110} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cc7bd6f1-565c-47ce-a5bb-9c935e77b59d} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cfc16189-8a92-4a29-a940-60248385f426} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5fe0ceae-cb69-40af-a323-40f94257dacb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{65a16874-2ed0-460e-a547-5fe2ec3a13a7} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2721a8e5-bfdb-4562-9912-9e0531ca616c} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f1a1892c-2a6c-4817-98b4-ff81443cba20} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e25da6d6-c365-46cf-abaf-dc5893135d7a} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09325003-167c-483d-a4ba-8b3122abb432} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6dd76b7b-6423-4df0-9a07-84a6cad973a0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7f6cfb6a-9227-4bb8-b941-f2b067e76f51} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ab0ee208-df60-4fa7-a617-c4269760033e} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e12aeab6-7d12-4c07-8e36-5892efb4dafb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e2f2c137-a782-4fb5-81af-086156f5eb0a} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f1d06c9f-51f0-4476-bede-5ddf91be304e} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f3a32df2-7413-4fb1-b575-1ac920a17b76} (Adware.ShopperReports) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.485.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.485.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Users\Arthur\AppData\Roaming\ShopperReports3 (Adware.ShopperReports) -> Delete on reboot.

Fichier(s) infecté(s):
C:\Program Files\ShopperReports3\bin\3.0.485.0\ShopperReports.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Users\Arthur\AppData\Local\Temp\2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.485.0\BRNstIE.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.485.0\CmndFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.485.0\CntntCntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.485.0\LaunchHelp.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.485.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.485.0\mozillaps.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.485.0\Pltfrm.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.485.0\ShopperReportsUninstaller.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Users\Arthur\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Arthur\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

Et

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3871
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

15/03/2010 20:32:37 thuthur--
mbam-log-2010-03-15 (20-32-37).txt

Type de recherche: Examen rapide
Eléments examinés: 141681
Temps écoulé: 8 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 48
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 26

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\smart-shopper.hbax (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{305c6cb1-9d31-4489-881d-5a8e2dc3fe14} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79b1445-dfea-4bef-a786-e0c0f33c863b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4cf088bd-be95-40a5-be9b-677f8683edea} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6fac4823-815e-4361-836e-46d65ed2550b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{911f251e-34fd-465e-b6ce-df00ff49a6be} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fe4f1649-8909-49c0-87ba-24d65120db46} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.hbax.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.hbinfoband (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.hbinfoband.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebutton (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebutton.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebuttona (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebuttona.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebuttonb (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebuttonb.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.smrt-shprctrl (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.smrt-shprctrl.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90f62ef7-58d1-4e8e-bb3e-cfb10ba9e47b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b2b92bc9-e149-4ee8-a93e-0b8cfb329808} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{022c671f-6cba-4a03-a8f9-3b3a361b235a} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ad815fc-607b-419f-8b70-d345a507a54e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25e0128d-aafc-49ff-ab11-1f12c2fcc391} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9b71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{9b71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\smart-shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WNetPws (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec cherche.us (Redir.ChercheUs) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saequuk (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xjafghs (Trojan.Agent.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page_bak (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://ww12.cherche.us Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spyware-Secure (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Shopper\Bin (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Shopper\Bin\2.5.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\Users\Arthur\AppData\Local\xjafghs.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Users\Victor\AppData\Local\Temp\bcgaabkw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Victor\AppData\Local\Temp\bdehceba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Victor\AppData\Local\Temp\yliajsjx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Victor\AppData\Local\Temp\msmeoxpg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Victor\AppData\Local\Temp\wtnxdhwh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Victor\AppData\Local\Temp\mqxhoknn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Victor\AppData\Local\Temp\euvknfgp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Shopper\Uninst.exe (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\captura.bmp (Malware.Traces) -> Quarantined and deleted successfully.
C:\codigo1.bmp (Malware.Traces) -> Quarantined and deleted successfully.
C:\codigo2.bmp (Malware.Traces) -> Quarantined and deleted successfully.
C:\codigo3.bmp (Malware.Traces) -> Quarantined and deleted successfully.
C:\codigo4.bmp (Malware.Traces) -> Quarantined and deleted successfully.
C:\error.bmp (Malware.Traces) -> Quarantined and deleted successfully.
C:\Users\Victor\Desktop\VirusRanger v3.6.0.lnk (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Users\Victor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VirusRanger v3.6.0.lnk (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Users\Les Jacq\AppData\Roaming\Microsoft\Windows\Start Menu\MalwareCore 7.4.lnk (Rogue.MalwareCore) -> Quarantined and deleted successfully.
C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\VirusRanger v3.6.0.lnk (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
C:\Users\Victor\AppData\Local\Temp\zfe3.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Arthur\Local Settings\Application Data\saequuk_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Arthur\Local Settings\Application Data\xjafghs_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Arthur\Local Settings\Application Data\saequuk_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Arthur\Local Settings\Application Data\xjafghs_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Users\Arthur\wInternet.exe (Redir.ChercheUs) -> Quarantined and deleted successfully.

Réponse 31 / 95

Utilisateur anonyme
21 oct. 2010 à 13:03

il n'est pas a jour

Réponse 32 / 95

thuthur76 Messages postés 196 Date d'inscription mercredi 10 décembre 2008 Statut Membre Dernière intervention 26 juillet 2013 22
21 oct. 2010 à 13:21

D'accord] désolé je refais ça...

Réponse 33 / 95

thuthur76 Messages postés 196 Date d'inscription mercredi 10 décembre 2008 Statut Membre Dernière intervention 26 juillet 2013 22
21 oct. 2010 à 18:17

Je ne comprend pas je n'ai toujours aucun rapport de plus que les anciens d'enregistrer ?! Fin bref j'ai supprimer tout es virus en quarantaine et j'ai supprimer ceux trouver dans le scan ;) Je pense qu'on peut passer le rapport on l'aura pas :(

Réponse 34 / 95

Utilisateur anonyme
21 oct. 2010 à 19:23

ok je peux réavoir un scan OTL ?

Réponse 35 / 95

thuthur76 Messages postés 196 Date d'inscription mercredi 10 décembre 2008 Statut Membre Dernière intervention 26 juillet 2013 22
21 oct. 2010 à 20:11

ok je fait ça ;)

Réponse 36 / 95

thuthur76 Messages postés 196 Date d'inscription mercredi 10 décembre 2008 Statut Membre Dernière intervention 26 juillet 2013 22
21 oct. 2010 à 20:22

Bon j'ai un fichier texte de plus nommé Extra.txt donc je te le met :
http://www.cijoint.fr/cjlink.php?file=cj201010/cijOtdgng8.txt

Et le fichier OTL.txt :
http://www.cijoint.fr/cjlink.php?file=cj201010/cij3fQn5Fi.txt

Voila merci encore ;)

Réponse 37 / 95

thuthur76 Messages postés 196 Date d'inscription mercredi 10 décembre 2008 Statut Membre Dernière intervention 26 juillet 2013 22
31 oct. 2010 à 03:14

Alors ça fait tout de même un bout de temps que tu ne m'as pas répondu :(

Réponse 38 / 95

Utilisateur anonyme
31 oct. 2010 à 13:58

salut désolé mais j ai l impression que la memoire des topics persos n'est pas en forme , tu n'es pas le premier sujet que je perds !!

tu fais quoi avec un aspirateur de sites ?

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."

sur OTL.exe pour le lancer.

▶Copie la liste qui se trouve en gras ci-dessous,

▶ colle-la dans la zone sous "Personnalisation" :

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
PRC - C:\Program Files\BurnAware Free\NMSAccess32.exe ()
PRC - C:\Users\Arthur\Desktop\trayit!.exe (Igor Nys)
DRV - (ASPI32) -- File not found
IE - HKLM\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-285529066-2399538075-2089067347-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://ww12.cherche.us
IE - HKU\S-1-5-21-285529066-2399538075-2089067347-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = cherche.us
IE - HKU\S-1-5-21-285529066-2399538075-2089067347-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://google.cherche.us/...
IE - HKU\S-1-5-21-285529066-2399538075-2089067347-1002\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-285529066-2399538075-2089067347-1002\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-285529066-2399538075-2089067347-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
O2 - BHO: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKU\S-1-5-21-285529066-2399538075-2089067347-1002\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
O4 - HKLM..\Run: [phoenixInjector] C:\Windows\System32\ConsoleReader.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
[2010/10/16 17:35:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\install
[2010/10/16 17:34:36 | 000,327,680 | ---- | M] () -- C:\windrev.exe
[2010/10/10 21:12:12 | 000,040,113 | -H-- | M] () -- C:\logs.dat
@Alternate Data Stream - 498 bytes -> C:\Users\All Users\TEMP:05EE1EEF
@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 124 bytes -> C:\Users\All Users\TEMP:88050731
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:88050731
@Alternate Data Stream - 123 bytes -> C:\Users\All Users\TEMP:C3EBEE6C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C3EBEE6C
@Alternate Data Stream - 112 bytes -> C:\Users\All Users\TEMP:8CE646EE
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 105 bytes -> C:\Users\All Users\TEMP:C5760A8B
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:C5760A8B

:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

:commands
[emptytemp]
[start explorer]
[reboot]

▶ Clique sur "Correction" pour lancer la suppression.

▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.

Réponse 39 / 95

thuthur76 Messages postés 196 Date d'inscription mercredi 10 décembre 2008 Statut Membre Dernière intervention 26 juillet 2013 22
31 oct. 2010 à 19:31

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Process NMSAccess32.exe killed successfully!
No active process named trayit!.exe was found!
Service ASPI32 stopped successfully!
Service ASPI32 deleted successfully!
File File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{4daac69c-cba7-45e2-9bc8-1044483d3352} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ deleted successfully.
C:\Program Files\Softonic_France\tbSoft.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files\DVDVideoSoftTB\tbDVDV.dll moved successfully.
HKU\S-1-5-21-285529066-2399538075-2089067347-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-285529066-2399538075-2089067347-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKU\S-1-5-21-285529066-2399538075-2089067347-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-285529066-2399538075-2089067347-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4daac69c-cba7-45e2-9bc8-1044483d3352} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ not found.
File C:\Program Files\Softonic_France\tbSoft.dll not found.
Registry value HKEY_USERS\S-1-5-21-285529066-2399538075-2089067347-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found.
HKU\S-1-5-21-285529066-2399538075-2089067347-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ not found.
File C:\Program Files\Softonic_France\tbSoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4daac69c-cba7-45e2-9bc8-1044483d3352} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ not found.
File C:\Program Files\Softonic_France\tbSoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ not found.
Registry value HKEY_USERS\S-1-5-21-285529066-2399538075-2089067347-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\phoenixInjector not found.
File C:\Windows\System32\ConsoleReader.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\Windows\System32\install folder moved successfully.
C:\windrev.exe moved successfully.
C:\logs.dat moved successfully.
ADS C:\Users\All Users\TEMP:05EE1EEF deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:05EE1EEF .
ADS C:\Users\All Users\TEMP:88050731 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:88050731 .
ADS C:\Users\All Users\TEMP:C3EBEE6C deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:C3EBEE6C .
ADS C:\Users\All Users\TEMP:8CE646EE deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:8CE646EE .
ADS C:\Users\All Users\TEMP:C5760A8B deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:C5760A8B .
========== REGISTRY ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun"|145 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: Arthur
-> No Temporary Internet Files cache folder defined!

User: Default
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: Les Jacq
-> No Temporary Internet Files cache folder defined!

User: Public
-> No Temporary Internet Files cache folder defined!

User: Victor
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1715385 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 16919437213 bytes

Total Files Cleaned = 16 137,00 mb

OTL by OldTimer - Version 3.2.15.2 log created on 10312010_191803

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Voila merci a toi de te préoccuper de mon cas ;) !

Réponse 40 / 95

Utilisateur anonyme
31 oct. 2010 à 20:45

et à cette question ? :

tu fais quoi avec un aspirateur de sites ?