C:\autorun.inf

Résolu

djo49sb Messages postés 29 Date d'inscription Statut Membre Dernière intervention -
djo49sb Messages postés 29 Date d'inscription Statut Membre Dernière intervention - 1 juil. 2011 à 00:20

Bonjour,

J'ai actuellement un souci avec mon PC (je suis sous Windows 7).
Chaque fois que je le démarre, mon antivirus (avira) me détecte un virus autorun.inf sur chacune de mes partitions.
De plus, ma connexion internet diminue fortement après 5-10mn d'utilisation.
J'ai bien essayé de faire des recherches, mais aucune solution n'a fonctionnée.
Si une âme charitable pouvait avoir pitié de moi, je lui en serais très reconnaissant.
Cordialement.

Afficher la suite

42 réponses

1
2
3

Suivant

Réponse 1 / 42

Utilisateur anonyme

▶ Télécharge ici : USBFIX sur ton bureau

branche tous tes periphériques sans les ouvrir

/!\ Désactive provisoirement et seulement le temps de l'utilisation d'USBFIX, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."

sur l'icône Usbfix située sur ton Bureau.
Sur la page, clique sur le bouton :

▶ choisi l option Listing

▶ UsbFix scannera ton pc , laisse travailler l outil.

▶ Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

▶ Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Utilisateur anonyme

Hello Pascal ,

Si tu fais pas l'option "clean" tu pourras demander un listing stp ...

Thanks .

Bonne suite .

PS : tu vas recevoir un mp ;)

Utilisateur anonyme

ok :)

Utilisateur anonyme

re ,

Donc pas besoin du listing ... ;)

Je t'ai mailé sur live.fr .

@+

Utilisateur anonyme

je vais aller voir

Réponse 2 / 42

Utilisateur anonyme

salut qu'as-tu essayé comme solutions ?

Réponse 3 / 42

djo49sb Messages postés 29 Date d'inscription Statut Membre Dernière intervention

Malwarebytes, CCleaner, comboFix
Ainsi que Avast et Bitdefender (que j'ai ensuite désinstallé)

Réponse 4 / 42

Utilisateur anonyme

ok poste ton rapport de combofix stp ainsi que ce lui de malwarebytes

attention avec combofix , ce n'est pas un jouet ,

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 42

djo49sb Messages postés 29 Date d'inscription Statut Membre Dernière intervention

Désolé pour le temps de réponse je suis en Roumanie actuellement donc je n'ai pas tout le temps accès à internet

Voici celui de combofix:
ComboFix 11-06-29.02 - djo 29/06/2011 13:38:26.1.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.3067.1847 [GMT 3:00]
Lancé depuis: c:\users\djo\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\djo\AppData\Roaming\djolog.dat
c:\users\djo\AppData\Roaming\windows.txt
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-05-28 au 2011-06-29 ))))))))))))))))))))))))))))))))))))
.
.
2011-06-28 21:17 . 2011-06-28 21:17 -------- d-----w- c:\users\djo\AppData\Roaming\Avira
2011-06-28 21:08 . 2011-06-29 10:13 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-28 21:08 . 2011-06-29 10:12 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-28 21:08 . 2011-06-29 10:14 -------- d-----w- c:\programdata\Avira
2011-06-28 21:08 . 2011-06-28 21:08 -------- d-----w- c:\program files\Avira
2011-06-28 20:05 . 2011-06-28 20:05 -------- d-----w- c:\users\djo\AppData\Roaming\BitDefender
2011-06-28 19:23 . 2011-06-28 19:41 -------- d-----w- c:\users\djo\AppData\Roaming\GlarySoft
2011-06-22 18:20 . 2011-06-27 08:52 -------- d-----w- C:\UsbFix
2011-06-22 17:44 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-22 17:44 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-22 17:44 . 1998-06-23 22:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-06-22 17:44 . 2004-03-08 22:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-06-22 17:44 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-06-22 17:44 . 2011-06-22 17:44 -------- d-----w- c:\program files\PDFCreator
2011-06-22 17:44 . 1998-07-12 23:08 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2011-06-22 17:44 . 1998-07-12 23:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
2011-06-22 17:44 . 1998-07-12 23:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2011-06-22 17:44 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-06-22 17:42 . 2011-06-22 17:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 17:41 . 2011-06-22 17:41 -------- d-----w- c:\program files\FileHippo.com
2011-06-21 17:52 . 2011-06-21 17:53 -------- d--h--w- c:\program files\Zero G Registry
2011-06-21 17:52 . 2011-06-21 17:52 -------- d--h--w- c:\users\djo\InstallAnywhere
2011-06-21 17:50 . 2011-06-21 17:50 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-21 17:11 . 2011-06-21 17:11 -------- d-----w- c:\program files\MSSOAP
2011-06-21 17:09 . 2011-06-21 17:09 -------- d-----w- c:\programdata\a5ec0000-6f51-4aa0-efda-86d1241600bb
2011-06-21 16:56 . 2011-06-21 16:56 -------- d-----w- c:\programdata\449e0000-41dd-4657-9d92-b3b283fff3be
2011-06-21 16:53 . 2011-06-21 16:53 -------- d-----w- c:\programdata\86950000-2ace-43b0-b961-6912875e6ca1
2011-06-21 16:44 . 2011-06-21 16:44 -------- d-----w- c:\programdata\fde10000-b98c-4071-ca87-b930802f1097
2011-06-21 16:31 . 2011-06-21 16:31 -------- d-----w- c:\programdata\8afe0000-fe97-4fe8-c044-bfcf804b0ea5
2011-06-21 16:27 . 2011-06-21 16:27 -------- d-----w- c:\programdata\db1a0000-4f10-4257-770b-9eca447855b7
2011-06-21 16:22 . 2011-06-21 16:22 -------- d-----w- c:\users\djo\AppData\Roaming\QuickScan
2011-06-21 16:22 . 2011-06-21 17:11 -------- d-----w- c:\program files\Common Files\BitDefender
2011-06-21 16:22 . 2011-06-28 20:04 2565388 ----a-w- c:\programdata\bdinstall.bin
2011-06-21 15:05 . 2011-06-21 15:05 -------- d-----w- c:\program files\CCleaner
2011-06-21 12:31 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08013466-9B4C-4695-88BA-4D8CB8BBC2FA}\mpengine.dll
2011-06-21 08:32 . 2006-06-19 09:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-06-21 08:32 . 2006-05-25 11:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-06-21 08:32 . 2005-08-25 21:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-06-21 08:32 . 2002-03-05 21:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-06-21 08:32 . 2003-02-02 16:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-06-21 08:32 . 2011-06-21 17:54 -------- d-----w- c:\program files\Trojan Remover
2011-06-21 08:32 . 2011-06-21 08:32 -------- d-----w- c:\programdata\Simply Super Software
2011-06-21 08:23 . 2011-06-21 08:23 -------- d-----w- c:\program files\Prg Chris
2011-06-20 19:44 . 2011-06-20 19:44 -------- d-----w- c:\users\djo\AppData\Roaming\Malwarebytes
2011-06-20 19:44 . 2011-06-20 19:44 -------- d-----w- c:\programdata\Malwarebytes
2011-06-20 19:44 . 2011-05-29 06:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-20 19:44 . 2011-06-20 19:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-20 19:44 . 2011-05-29 06:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-20 17:20 . 2011-06-20 17:20 -------- d-----w- c:\users\djo\AppData\Roaming\NVIDIA
2011-06-17 11:18 . 2011-06-20 21:34 -------- d-sh--r- c:\users\Public\J-93219-1923-12901
2011-06-13 12:03 . 2011-06-13 12:03 -------- d-----w- c:\program files\Common Files\Java
2011-06-11 16:46 . 2011-06-11 16:46 -------- d-----w- c:\program files\VirtualDubMOD
2011-06-06 10:32 . 2011-06-21 17:46 -------- d-----w- c:\programdata\AVAST Software
2011-06-06 10:32 . 2011-06-06 10:32 -------- d-----w- c:\program files\AVAST Software
2011-06-06 09:55 . 2011-06-06 09:55 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-06-06 09:55 . 2011-06-06 09:55 183696 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-05-31 09:03 . 2011-06-06 10:58 -------- d-----w- c:\users\djo\AppData\Roaming\Temps
2011-05-30 15:18 . 2011-05-30 15:18 -------- d-----w- c:\program files\Electronic Arts
.
.
.

Le scan de Malwarebytes est en cours car je l'avais supprimé.

Réponse 6 / 42

Utilisateur anonyme

non le rapport est dans l'onglet rapports/logs le dernier en date

le rapport de combofix n'est pas complet

Réponse 7 / 42

djo49sb Messages postés 29 Date d'inscription Statut Membre Dernière intervention

oh oui désolé veuillez m'excuser je n'avais pas fait attention, voici le reste:
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-27 17:27 . 2011-06-22 18:28 53198 ----a-w- C:\UsbFix_Upload_Me_DJO-PC.zip
2011-06-21 16:34 . 2009-07-13 23:22 173648 ----a-w- c:\windows\system32\drivers\rdyboost.sys
2011-05-31 20:47 . 2011-05-29 12:42 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-31 20:47 . 2011-05-29 12:42 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-05-31 20:47 . 2011-05-29 12:42 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-31 20:45 . 2011-05-29 12:42 22328 ----a-w- c:\users\djo\AppData\Roaming\PnkBstrK.sys
2011-05-24 16:14 . 2011-02-04 20:26 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 01:52 . 2011-02-18 17:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-22 19:36 . 2011-05-25 10:04 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-09 06:13 . 2011-05-15 12:57 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-15 12:57 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-20 12:45 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-06-16 04:17 . 2011-06-20 21:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2008-12-03 542136]
"Steam"="c:\program files\Steam\Steam.exe" [2011-05-27 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-06-29 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="c:\progra~1\Druide\Antidote\Gestionnaire Antidote.exe" [2008-12-03 542136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-01-24 310640]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2010-06-18 19968]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-25 9472]
R3 netw5v32;Pilote de carte de liaison WiFi sans fil Intel(R) 5000 Series pour Windows Vista 32 bits;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-06 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-06-29 339624]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-06-29 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-06-29 421032]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-10 218688]
S3 NETw5s32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows 7 32 bits ;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;Pilote Miniport NDIS6.2 pour contrôleur Ethernet Marvell Yukon;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
Contenu du dossier 'Tâches planifiées'
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1977911716-3490854995-1287792960-1000Core.job
- c:\users\djo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-05 18:24]
.
2011-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1977911716-3490854995-1287792960-1000UA.job
- c:\users\djo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-05 18:24]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uInternet Settings,ProxyServer = ftp=proxy.tuiasi.ro:8080;http=proxy.tuiasi.ro:8080;https=proxy.tuiasi.ro:8080
IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\djo\AppData\Roaming\Mozilla\Firefox\Profiles\xtqetazm.default\
FF - prefs.js: network.proxy.ftp - proxy.tuiasi.ro
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - proxy.tuiasi.ro
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.tuiasi.ro
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DATA2"="<settings accountStatus=\"3\" oldDevice=\"\" timeDiff=\"18\" expireTime=\"1311268198\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"195\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"0\" />\0a"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2011-06-29 13:46:51
ComboFix-quarantined-files.txt 2011-06-29 10:46
.
Avant-CF: 17 099 399 168 octets libres
Après-CF: 17 895 374 848 octets libres
.
- - End Of File - - F9D6F067949F3330D29FD46C174763E9

Pour Malwarebytes j'avais fais une analyse par partition:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Version de la base de données: 6904

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21/06/2011 00:34:36
mbam-log-2011-06-21 (00-34-36).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 237351
Temps écoulé: 43 minute(s), 53 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 67
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 25
Fichier(s) infecté(s): 44

Processus mémoire infecté(s):
c:\Users\Public\j-93219-1923-12901\msnmsg32.exe (Trojan.Agent.Gen) -> 2828 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAx.Info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAx.Info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Scopes (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mobile Device Service (Trojan.Agent.Gen) -> Value: Mobile Device Service -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CPU Config (Trojan.Dropper) -> Value: CPU Config -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows movie maker (Trojan.Agent) -> Value: Windows movie maker -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.1.22.0 (Adware.HotBar) -> Value: ShopperReports 3.1.22.0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E879047EB57654573FAF92 (Malware.Trace) -> Value: SRS_IT_E879047EB57654573FAF92 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Users\djo\AppData\Roaming\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Users\djo\AppData\Roaming\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome\content (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0} (Adware.QuestBrowse) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome (Adware.QuestBrowse) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults (Adware.QuestBrowse) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults\preferences (Adware.QuestBrowse) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\Users\Public\j-93219-1923-12901\msnmsg32.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\djo\AppData\Local\Temp\udpconmain.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\djo\AppData\Local\Temp\133E.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\djo\AppData\Local\Temp\2E5.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\djo\AppData\Local\Temp\84E0.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\djo\AppData\Roaming\405B.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\djo\AppData\Roaming\6280.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\djo\AppData\Roaming\6A99.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\djo\AppData\Roaming\713D.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\djo\AppData\Roaming\8B0.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\djo\AppData\Roaming\95E0.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\djo\AppData\Roaming\A1E6.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\djo\AppData\Roaming\B39B.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\djo\AppData\Roaming\C640.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\djo\AppData\Roaming\F147.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\djo\AppData\Roaming\F6B8.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\djo\Desktop\cod1\call of duty keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\program files\electronic arts\battlefield bad company 2\rld-bbc2.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
c:\Users\djo\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\Users\djo\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\djo\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome\content\infopane.js (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome\content\InfoPane.xul (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\browserextensionff.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\customer support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome.manifest (Adware.QuestBrowse) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\install.rdf (Adware.QuestBrowse) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome\questbrowse.jar (Adware.QuestBrowse) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults\preferences\prefs.js (Adware.QuestBrowse) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Version de la base de données: 6904

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21/06/2011 14:00:06
mbam-log-2011-06-21 (14-00-06).txt

Type d'examen: Examen complet (D:\|)
Elément(s) analysé(s): 293137
Temps écoulé: 1 heure(s), 24 minute(s), 31 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Version de la base de données: 6904

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21/06/2011 12:35:21
mbam-log-2011-06-21 (12-35-21).txt

Type d'examen: Examen complet (E:\|)
Elément(s) analysé(s): 145276
Temps écoulé: 2 minute(s), 26 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Réponse 8 / 42

Utilisateur anonyme

desactive ton antivirus
desactive Windows defender si présent
desactive ton pare-feu

Ferme toutes tes appilications en cours

telecharge et enregistre ceci sur ton bureau :

Pre_Scan

mirroir :

http://www.archive-host.com

s'il n'est pas sur ton bureau coupe-le de ton dossier telechargements et colle-le sur ton bureau

Avertissement: Il y aura une extinction courte du bureau --> pas de panique.

une fois telechargé lance-le , laisse faire le scan jusqu'à l'apparition de "Pre_scan.txt" sur le bureau.

si 'outil est bloqué par l'infection utilise cette version : Version .pif

si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"

si l'outil semble ne pas avoir fonctionné renomme-le winlogon , ou change son extension en .com ou .scr

Il se peut qu'une multitude de fenêtres noires clignotent , laisse-le travailler

Poste Pre_Scan.txt qui apparaitra sur le bureau en fin de scan

▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)

clique sur ce lien : http://www.cijoint.fr/

▶ Clique sur Parcourir et cherche le fichier ci-dessus.

▶ Clique sur Ouvrir.

▶ Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

est ajouté dans la page.

▶ Copie ce lien dans ta réponse.

Réponse 9 / 42

djo49sb Messages postés 29 Date d'inscription Statut Membre Dernière intervention

Voici/ http://www.cijoint.fr/cjlink.php?file=cj201106/cijuAZ9d2M.txt

Réponse 10 / 42

Utilisateur anonyme

fais glisser une icone n'importe quel fichier sur Pre_scan , pre_script va apparaitre

ouvre Pre_script et colle ce qui suit en gras, à l'interieur du texte qui s'ouvre ,
sans les lignes , en une seule fois en le mettant en surbrillance :
___________________________________________________
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

file::
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur OfferBox.lnk
C:\ProgramData\bltofzsb.qlf

folder::
C:\ProgramData\449e0000-41dd-4657-9d92-b3b283fff3be
C:\ProgramData\86950000-2ace-43b0-b961-6912875e6ca1
C:\ProgramData\8afe0000-fe97-4fe8-c044-bfcf804b0ea5
C:\ProgramData\a5ec0000-6f51-4aa0-efda-86d1241600bb
C:\ProgramData\db1a0000-4f10-4257-770b-9eca447855b7
C:\ProgramData\fde10000-b98c-4071-ca87-b930802f1097

attrib::
___________________________________________________

copie-le (ctrl+c ou clique droit sur la selection puis => copier)

puis onglet fichier => enregistrer (pas enregistrer sous...) , puis ferme le texte

des fenetres noires risquent de clignoter , c'est normal , c'est le programme qui travaille

poste Pre_Script.txt qui apparaitra sur le bureau en fin de travail

Réponse 11 / 42

djo49sb Messages postés 29 Date d'inscription Statut Membre Dernière intervention

D'accord je ferais ça demain car je manque de temps ce soir.
Merci déjà pour votre temps consacré.
A demain.
Cordialement .

Réponse 12 / 42

Utilisateur anonyme

pas de soucis à te lire :)

Réponse 13 / 42

djo49sb Messages postés 29 Date d'inscription Statut Membre Dernière intervention

Et voila:

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤

Utilisateur : djo (Administrateurs)
Ordinateur : DJO-PC
Système d'exploitation : Windows 7 Ultimate (32 bits)
Internet Explorer : 8.0.7600.16385
Mozilla Firefox : 5.0 (en-US)

Switchs possibles :

processes:: | file:: | folder::
Registry:: | Driver:: | replace::
txt:: | Host:: | DNS:: | NsLook::
Command:: | list:: | attrib::

Script : 13:29:02

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

switchs :

file::
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur OfferBox.lnk
C:\ProgramData\bltofzsb.qlf

folder::
C:\ProgramData\449e0000-41dd-4657-9d92-b3b283fff3be
C:\ProgramData\86950000-2ace-43b0-b961-6912875e6ca1
C:\ProgramData\8afe0000-fe97-4fe8-c044-bfcf804b0ea5
C:\ProgramData\a5ec0000-6f51-4aa0-efda-86d1241600bb
C:\ProgramData\db1a0000-4f10-4257-770b-9eca447855b7
C:\ProgramData\fde10000-b98c-4071-ca87-b930802f1097

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

attrib::

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Modification du registre effectuéé

¤

Absent : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur OfferBox.lnk
Absent : C:\ProgramData\bltofzsb.qlf

¤

Supprimé : C:\ProgramData\449e0000-41dd-4657-9d92-b3b283fff3be
Supprimé : C:\ProgramData\86950000-2ace-43b0-b961-6912875e6ca1
Supprimé : C:\ProgramData\8afe0000-fe97-4fe8-c044-bfcf804b0ea5
Supprimé : C:\ProgramData\a5ec0000-6f51-4aa0-efda-86d1241600bb
Supprimé : C:\ProgramData\db1a0000-4f10-4257-770b-9eca447855b7
Supprimé : C:\ProgramData\fde10000-b98c-4071-ca87-b930802f1097

¤

Disques externes : 1094 Objets réattribués
Disque Local : 6 Objets réattribués
Utilisateurs : 1 Objets réattribués
ProgramFiles : 17 Objets réattribués
Music : 86 Objets réattribués
Pictures : 0 Objets réattribués
Videos : 0 Objets réattribués
Downloads : 0 Objets réattribués
Desktop : 61 Objets réattribués
Links : 0 Objets réattribués
Searches : 3 Objets réattribués
Contacts : 0 Objets réattribués
Saved Games : 0 Objets réattribués
Favorites : 0 Objets réattribués
Documents : 5 Objets réattribués
Windows : 95 Objets réattribués
StartMenu : 2 Objets réattribués
Librairies : 0 Objets réattribués
Quick Launch : 2 Objets réattribués
%AppData% : 6 Objets réattribués

¤

explorer.exe -> Processus redémarré

Fin : 13:30:14

¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤

Réponse 14 / 42

Utilisateur anonyme

▶ Télécharge ici : Ad-remover sur ton bureau :

▶ Déconnecte toi et ferme toutes applications en cours !

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."

▶ sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .

▶ clique le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .

▶ Au menu principal choisis "option Nettoyer" et tape sur [entrée] .

▶ Laisse travailler l'outil et ne touche à rien ...

▶ Poste le rapport qui apparait à la fin , sur le forum ...

( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

Réponse 15 / 42

djo49sb Messages postés 29 Date d'inscription Statut Membre Dernière intervention

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 13:45:17 le 30/06/2011, Mode normal

Microsoft Windows 7 Édition Intégrale (X86)
djo@DJO-PC (SAMSUNG ELECTRONICS CO., LTD. R610)

============== ACTION(S) ==============

Dossier supprimé: C:\Users\djo\AppData\LocalLow\ShopperReports3

(!) -- Fichiers temporaires supprimés.

Clé supprimée: HKCU\Software\AppDataLow\Software\ShopperReports3

============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [5.0 (en-US)] ****

FIREFOX.EXE\Shell\Open\Command - "C:\Program Files\Mozilla Firefox\Firefox.exe"
HKLM_MozillaPlugins\Adobe Reader (x)
Searchplugins\amazondotcom.xml (hxxp://www.amazon.com/exec/obidos/external-search/)
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Searchplugins\eBay.xml (hxxp://rover.ebay.com/rover/1/711-47294-18009-3/4)
Searchplugins\wikipedia.xml (hxxp://en.wikipedia.org/wiki/Special:Search)
Components\browsercomps.dll (Mozilla Foundation)
Extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} (Skype extension )

-- C:\Users\djo\AppData\Roaming\Mozilla\FireFox\Profiles\xtqetazm.default --
Prefs.js - browser.startup.homepage_override.buildID, 20110615151330
Prefs.js - browser.startup.homepage_override.mstone, rv:5.0

========================================

**** Google Chrome Version [12.0.742.112] ****

Extension\lifbcibllhkdhoafpjfnlhfpfgnpldfl (C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx) (?)

-- C:\Users\djo\AppData\Local\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Activé: true) (?)
Preferences - homepage: hxxp://www.google.fr/
Preferences - homepage_is_newtabpage: false

========================================

**** Internet Explorer Version [8.0.7600.16385] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?)
HKCU_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?)
HKCU_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?)
HKLM_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{9F0A97AE-886F-49b1-A497-229B9546CF5B} - C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe (Druide informatique inc.)
HKLM_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?)

========================================

C:\Program Files\Ad-Remover\Quarantine: 5 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 30/06/2011 13:45:22 (3954 Octet(s))

Fin à: 13:46:07, 30/06/2011

============== E.O.F ==============

Réponse 16 / 42

Utilisateur anonyme

tu as deja essayé de cracker bitdefender par le passé ?

Réponse 17 / 42

djo49sb Messages postés 29 Date d'inscription Statut Membre Dernière intervention

Oui effectivement je possédais une version crackée

Réponse 18 / 42

Utilisateur anonyme

je peux meme te dire que c'était le 2009 ^^

Réponse 19 / 42

djo49sb Messages postés 29 Date d'inscription Statut Membre Dernière intervention

Surement je ne m'en souvient plus car je l'ai supprimé. C'était seulement pour lancer une analyse^^

Réponse 20 / 42

Utilisateur anonyme

__________________________________________________
=>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <=
=>il est fort déconseillé de le transposer sur un autre ordinateur !<=
----------------------------------------------------------------------------

Toujours avec toutes les protections désactivées, fais ceci :

▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
▶ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

----------------------------------------------------------
KillAll::

SkipFix::

------------------------------------------------------------------

▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
▶ Quitte le Bloc Notes

▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix

▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt

Forum Virus

Trouvez des solutions pour détecter et éliminer les menaces, des astuces pour prévenir les infections, et discutez des dernières menaces en ligne