Virus bloque toutes les actions - Fermé

Question

Bonjour, 

J'écris ce message depuis mon netbook. 
Mon 2e ordinateur, celui de la config d'en dessous, à reçu un beau cheval de troie qui s'active à chaque démarrage sans que je ne puis rien n'y faire. Il s'agit d'un logiciel copiant windows security, mais avec des différences flagrantes. Il me fait un scan (Que j'arrête immédiatement) mais qui détecte des virus. Bien sûr, il me demande d'envoyer mon e-mail pour avoir une nouvelle version pour les supprimer. Cette merde aurait pu rester anodine, mais elle bloque toute mes actions : Je ne peut plus lancer internet, et le gestionnaire de tâches se ferme automatiquement. J'ai accès à Avast et j'ai lancé un scan au démarrage qui se passe en ce moment, mais j'ai peur pour ma machine. 

Configuration: Clavier/souris
Ecran plat 1280x768 32 bits
AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ 2.71 GHz
3.0 GB RAM
GeForce 8600 GT, Pixel Shader version 3.0 /Vertex Shader version 3.0/ Video RAM 512.0 MB
Windows xp professional LSD SP2.

juju666 · Answer

Bonjour.

&#9654 Télécharge sur le bureau RogueKiller  (par tigzy)   

&#9654 &#9654 Sous Windows XP, double clic gauche   

&#9654 &#9654  Sous Vista/Seven, clique droit, lancer en tant qu'administrateur   

&#9654 Quitte tous tes programmes en cours   
&#9654 Lance RogueKiller.exe.   
&#9654 Un scan se lance, puis tu verra d''indiqué dans la fenêtre  
&#9830 1. Recherche (écrit en vert) 
&#9830 2. Suppression(écrit en rouge)  
&#9830 3. Hosts RAZ (écrit en rouge)  
&#9830 4. Proxy RAZ (écrit en rouge) 
&#9830 5. DNS RAZ (écrit en rouge) 
&#9830 6. Raccourcis RAZ (écrit en rouge) 
&#9830 0. Quitter (écrit en vert) 
&#9654  A ce moment tape 1 et valide   

&#9654 Une fois terminé, un rapport (RKreport1.txt) a du se créer à côté de l'exécutable, colle son contenu dans la réponse.
&#9654 Utilise l'option 0 pour fermer RogueKiller à ce moment là.

&#9654 Si le programme a été bloqué, ne pas hésiter à essayer plusieurs fois ou a changer son nom en winlogon.exe

Tutoriel : http://forums-fec.be/entraide/viewtopic.php?f=55&t=24

Kamomil · Answer

J'ai eu un virus comme ça, c'est un marchand de logiciel qui vous dit d'acheter son truc pour protégéer votre ordi.
J'ai pu restaurer mon sys à une date antérieure et m'en suis ainsi débarrassé.

TomZanovich · Answer

Bon, j'ai terminé mon scan. Cela n'a rien changé. J'ai planifié un autre scan, celui ci pour les programmes se lançant au démarrage. Je m'en occuperai demain.

Au fait, à propos de Rogue Killer : Je ne peut pas accéder à internet, je ne peut donc pas le télécharger

juju666 · Answer

bah comment tu fais pour venir ici alors ? 
télécharge roguekiller depuis le netbook et transfère via clé usb sur le pc malade ;)

TomZanovich · Answer

C'est bizarre, mais... Mon ordinateur refonctionne ! Privacy Protection à disparu comme par magie...

juju666 · Answer

Passe RogueKiller, c'est un faux espoir :)

TomZanovich · Answer

OK : RogueKiller V6.1.10 [18/11/2011] par Tigzy mail: tigzyRKgmailcom Remontees: https://www.luanagames.com/index.fr.html Blog: http://tigzyrk.blogspot.com Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 2) 32 bits version Demarrage : Mode normal Utilisateur: ChloÚ [Droits d'admin] Mode: Recherche -- Date : 21/11/2011 17:17:00 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Entrees de registre: 13 ¤¤¤ [SUSP PATH] HKCU\[...]\Run : engel (C:\Documents and Settings\ChloÚ\Application Data\updates\updates.exe) -> FOUND [SUSP PATH] HKCU\[...]\Run : CE8SIIFGSU (C:\DOCUME~1\CHLO~1\LOCALS~1\Temp\Usq.exe) -> FOUND [BLACKLIST DLL] HKCU\[...]\Run : Wyusi (rundll32.exe "C:\WINDOWS\mfdscdms.dll",Startup) -> FOUND [SUSP PATH] HKCU\[...]\Run : Privacy Protection (C:\Documents and Settings\All Users\Application Data\privacy.exe) -> FOUND [PREVRUN] HKLM\[...]\Run : NvMediaCenter (RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login) -> FOUND [PREVRUN] HKLM\[...]\Run : NvCplDaemon (RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup) -> FOUND [SUSP PATH] HKUS\S-1-5-21-1960408961-1425521274-725345543-1003[...]\Run : engel (C:\Documents and Settings\ChloÚ\Application Data\updates\updates.exe) -> FOUND [SUSP PATH] HKUS\S-1-5-21-1960408961-1425521274-725345543-1003[...]\Run : CE8SIIFGSU (C:\DOCUME~1\CHLO~1\LOCALS~1\Temp\Usq.exe) -> FOUND [BLACKLIST DLL] HKUS\S-1-5-21-1960408961-1425521274-725345543-1003[...]\Run : Wyusi (rundll32.exe "C:\WINDOWS\mfdscdms.dll",Startup) -> FOUND [SUSP PATH] HKUS\S-1-5-21-1960408961-1425521274-725345543-1003[...]\Run : Privacy Protection (C:\Documents and Settings\All Users\Application Data\privacy.exe) -> FOUND [BLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> FOUND [HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : Rogue.AntiSpy-SP ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ 127.0.0.1 localhost Termine : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt

TomZanovich · Answer

Quelqu'un sait quoi faire ? Je dois supprimer ?

TomZanovich · Answer

S'il vous plaît, il va falloir que je parte et je ne suis pas sûr que mon PC refonctionnera

juju666 · Answer

Je peux manger ? xD

Relance roguekiller en option 2 puis 0

poste le rapport.

TomZanovich · Answer

Pardon, J'apprécie ce que vous faites pour moi : RogueKiller V6.1.10 [18/11/2011] par Tigzy mail: tigzyRKgmailcom Remontees: https://www.luanagames.com/index.fr.html Blog: http://tigzyrk.blogspot.com Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 2) 32 bits version Demarrage : Mode normal Utilisateur: ChloÚ [Droits d'admin] Mode: Suppression -- Date : 21/11/2011 17:36:57 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Entrees de registre: 9 ¤¤¤ [SUSP PATH] HKCU\[...]\Run : engel (C:\Documents and Settings\ChloÚ\Application Data\updates\updates.exe) -> DELETED [SUSP PATH] HKCU\[...]\Run : CE8SIIFGSU (C:\DOCUME~1\CHLO~1\LOCALS~1\Temp\Usq.exe) -> DELETED [BLACKLIST DLL] HKCU\[...]\Run : Wyusi (rundll32.exe "C:\WINDOWS\mfdscdms.dll",Startup) -> DELETED [SUSP PATH] HKCU\[...]\Run : Privacy Protection (C:\Documents and Settings\All Users\Application Data\privacy.exe) -> DELETED [PREVRUN] HKLM\[...]\Run : NvMediaCenter (RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login) -> DELETED [PREVRUN] HKLM\[...]\Run : NvCplDaemon (RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup) -> DELETED [BLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> DELETED [HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0) [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : Rogue.AntiSpy-SP ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ 127.0.0.1 localhost Termine : << RKreport[1].txt >> RKreport[1].txt

juju666 · Answer

Là il est désactivé, mais l'infection est toujours présente.

Il y a également l'infection Renos.

Ton infection est donc une infection qui se propage par disques amovibles (clefs USB, disque dur externe, carte flash etc..).
Les disques amovibles que tu as insérés dans l'ordinateur quand celui-ci était infecté ont été infectés à leur tour.

Le simple faite d'ouvrir le poste de travail et de double-cliquer sur ta clef USB/disque dur externe va réinfecter ton système.
Tu trouveras un lien explicatif sur la propagation de ces infections, comment s'en protéger etc.... à partir de ces liens :

https://forum.malekal.com/viewtopic.php?t=5544&start= 

&#9654 Télécharge ici : USBFIX sur ton bureau

OU lien alternatif : http://general-changelog-team.fr/telechargements/logiciels/viewdownload/80-outils-de-el-desaparecido/32-usbfix

branche tous tes périphériques externes sans les ouvrir (MP3, MP4, clé USB, disque dur externe, GSM, ...)

/!\ Désactive provisoirement et seulement le temps de l'utilisation d'USBFIX, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."

sur l'icône Usbfix située sur ton Bureau.
Sur la page, clique sur le bouton :

&#9654 choisi l option Suppression

&#9654 UsbFix scannera ton pc , laisse travailler l outil.

&#9654 Ensuite poste le rapport UsbFix.txt qui apparaitra avec le bureau .

&#9654 Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Tutoriel : http://forums-fec.be/entraide/viewtopic.php?f=55&t=9

~~

&#9654 Télécharge MBAM et installe le selon l'emplacement par défaut
https://www.malwarebytes.com/mwb-download/
&#9654 Effectue la mise à jour et lance Malwarebytes' Anti-Malware

&#9654 &#9654 Si tu n''arrive pas à le mettre à jour, télécharge ce fichier , ferme MBAM, et exécute le

&#9654 Clique dans l'onglet du haut "Recherche"
&#9654 Coche l'option "Exécuter un examen complet" puis sur le bouton "Rechercher"
&#9654 Choisis de scanner tous tes disques durs, puis clique sur 'Lancer l'examen"

A la fin de l'analyse, si MBAM n'a rien trouvé :

&#9654 Clique sur OK, le rapport s'ouvre spontanément

Si des menaces ont été détectées :

&#9654 Clique sur OK puis "Afficher les résultats"
&#9654 Choisis l'option "Supprimer la sélection"
&#9654 Si MBAM demande le redémarrage de Windows : Clique sur "Oui"
&#9654 Une fois le PC redémarré, le rapport se trouve dans l'onglet "Rapports/Logs"
&#9654 Sinon le rapport s'ouvre automatiquement après la suppression

Quelque soit le résultat, copie/colle le rapport dans le prochain message

Tutoriel : http://forums-fec.be/entraide/viewtopic.php?f=55&t=10

TomZanovich · Answer

Rapport USB fix (Je fais Malwere en ce moment même) :

############################## | UsbFix V 7.069 | [Suppression]

Utilisateur: ChloÚ (Administrateur) # CHLOE
Mis à jour le 20/11/2011 par El Desaparecido
Lancé à 17:42:41 | 21/11/2011

Site Web: https://www.sosvirus.net/
Fichier suspect ? : http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com

PC: Gigabyte Technology Co., Ltd. (GA-MA69GM-S2H) (X86-based PC) # Desktop Computer
CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ (2706)
CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ (2706)
RAM -> [ Total : 3326 | Free : 2493 ]
BIOS: Award Modular BIOS v6.00PG
BOOT: Normal boot

OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 6.0.2900.2180

SC: Security Center Service [ (!) Disabled ]
WU: Windows Update Service [ Enabled ]
FW: Windows FireWall Service [ Enabled ]

C:\ (%systemdrive%) -> Disque fixe # 298 Go (145 Go libre(s) - 49%) [] # NTFS
D:\ -> CD-ROM
G:\ -> Disque amovible # 4 Go (1 Go libre(s) - 36%) [KINGSTON] # FAT32

################## | Processus Actif |

C:\WINDOWS\System32\smss.exe (720)
C:\WINDOWS\system32\winlogon.exe (796)
C:\WINDOWS\system32\services.exe (840)
C:\WINDOWS\system32\lsass.exe (852)
C:\WINDOWS\system32
vsvc32.exe (1008)
C:\WINDOWS\system32\svchost.exe (1084)
C:\WINDOWS\System32\svchost.exe (1244)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1488)
C:\WINDOWS\Explorer.EXE (1708)
C:\Program Files\Vtune\TBPanel.exe (460)
C:\WINDOWS\RTHDCPL.EXE (476)
C:\Program Files\Microsoft IntelliType Pro	ype32.exe (492)
C:\Program Files\Microsoft IntelliPoint\point32.exe (504)
C:\WINDOWS\System32\svchost.exe (524)
C:\WINDOWS\system32\svchost.exe (748)
C:\Program Files\Google\Update\GoogleUpdate.exe (816)
C:\WINDOWS\system32\svchost.exe (856)
C:\Program Files\Java\jre6\bin\jqs.exe (1092)
C:\WINDOWS\System32\svchost.exe (1688)
C:\WINDOWS\System32\svchost.exe (1720)
C:\WINDOWS\system32\PnkBstrA.exe (1016)
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (2072)
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (2180)
C:\WINDOWS\system32\svchost.exe (2204)
C:\WINDOWS\system32\mspmspsv.exe (2256)
C:\WINDOWS\system32\wbem\wmiapsrv.exe (2892)
C:\Program Files\Java\jre6\bin\jusched.exe (3284)
C:\Program Files\Alwil Software\Avast5\avastUI.exe (3308)
C:\WINDOWS\VM_STI.EXE (3328)
C:\PROGRA~1\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (3368)
C:\Program Files\QuickTime\qttask.exe (3376)
C:\WINDOWS\system32\RunDLL32.exe (3392)
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (3512)
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (3532)
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (3588)
C:\WINDOWS\system32\ctfmon.exe (3600)
C:\WINDOWS\lclock.exe (3624)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe (3632)
C:\Documents and Settings\ChloÚ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (3652)
C:\Documents and Settings\ChloÚ\Local Settings\Application Data\Akamai
etsession_win.exe (3704)
C:\Documents and Settings\ChloÚ\Local Settings\Application Data\Akamai
etsession_win.exe (3948)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (4020)
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe (4032)
C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe (4060)
C:\Program Files\MagicDisc\MagicDisc.exe (228)
C:\Program Files\OpenOffice.org 3\program\soffice.exe (1376)
C:\Program Files\OpenOffice.org 3\program\soffice.bin (2348)
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (2536)
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (3056)
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (3244)
C:\Program Files\Java\jre6\bin\jucheck.exe (2156)
C:\Program Files\Mozilla Firefox\firefox.exe (3304)
C:\UsbFix\UsbFix.exe (1660)

################## | Processus Stoppés |

Stoppé! C:\WINDOWS\system32
vsvc32.exe (1008)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1488)
Stoppé! C:\WINDOWS\Explorer.EXE (1708)
Stoppé! C:\Program Files\Vtune\TBPanel.exe (460)
Stoppé! C:\WINDOWS\RTHDCPL.EXE (476)
Stoppé! C:\Program Files\Microsoft IntelliType Pro	ype32.exe (492)
Stoppé! C:\Program Files\Microsoft IntelliPoint\point32.exe (504)
Stoppé! C:\Program Files\Google\Update\GoogleUpdate.exe (816)
Stoppé! C:\Program Files\Java\jre6\bin\jqs.exe (1092)
Stoppé! C:\WINDOWS\system32\PnkBstrA.exe (1016)
Stoppé! C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (2072)
Stoppé! C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (2180)
Stoppé! C:\WINDOWS\system32\mspmspsv.exe (2256)
Stoppé! C:\WINDOWS\system32\wbem\wmiapsrv.exe (2892)
Stoppé! C:\Program Files\Java\jre6\bin\jusched.exe (3284)
Stoppé! C:\Program Files\Alwil Software\Avast5\avastUI.exe (3308)
Stoppé! C:\WINDOWS\VM_STI.EXE (3328)
Stoppé! C:\PROGRA~1\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (3368)
Stoppé! C:\Program Files\QuickTime\qttask.exe (3376)
Stoppé! C:\WINDOWS\system32\RunDLL32.exe (3392)
Stoppé! C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (3512)
Stoppé! C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (3532)
Stoppé! C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (3588)
Stoppé! C:\WINDOWS\system32\ctfmon.exe (3600)
Stoppé! C:\WINDOWS\lclock.exe (3624)
Stoppé! C:\Program Files\Windows Live\Messenger\msnmsgr.exe (3632)
Stoppé! C:\Documents and Settings\ChloÚ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (3652)
Stoppé! C:\Documents and Settings\ChloÚ\Local Settings\Application Data\Akamai
etsession_win.exe (3704)
Stoppé! C:\Documents and Settings\ChloÚ\Local Settings\Application Data\Akamai
etsession_win.exe (3948)
Stoppé! C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (4020)
Stoppé! C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe (4032)
Stoppé! C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe (4060)
Stoppé! C:\Program Files\MagicDisc\MagicDisc.exe (228)
Stoppé! C:\Program Files\OpenOffice.org 3\program\soffice.exe (1376)
Stoppé! C:\Program Files\OpenOffice.org 3\program\soffice.bin (2348)
Stoppé! C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (2536)
Stoppé! C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (3056)
Stoppé! C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (3244)
Stoppé! C:\Program Files\Java\jre6\bin\jucheck.exe (2156)
Stoppé! C:\Program Files\Mozilla Firefox\firefox.exe (3304)

################## | Éléments infectieux |

Supprimé! C:\Recycler\S-1-5-21-1960408961-1425521274-725345543-1003

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKCU\Software\Microsoft\Handle
Supprimé! HKU\.DEFAULT\Software\Microsoft\Handle
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\

################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{f9ba8c98-134a-11e0-9122-001d7de62e8a}

################## | Listing |

[26/09/2008 - 18:14:45 | D ] 	C:\Alexandra Ledermann 6
[24/09/2008 - 04:09:56 | N | 0] 	C:\AUTOEXEC.BAT
[24/09/2008 - 12:47:05 | N | 224] 	C:\boot.ini
[28/08/2001 - 15:00:00 | N | 4952] 	C:\Bootfont.bin
[05/04/2009 - 13:34:24 | N | 362] 	C:\checkrun.txt
[23/03/2011 - 12:14:33 | D ] 	C:\Codemasters
[21/11/2011 - 17:04:55 | D ] 	C:\Config.Msi
[24/09/2008 - 04:09:56 | N | 0] 	C:\CONFIG.SYS
[24/09/2008 - 12:50:38 | N | 86] 	C:\csb.log
[08/05/2011 - 13:19:17 | D ] 	C:\Documents and Settings
[24/09/2008 - 06:02:24 | D ] 	C:\Drivers
[28/02/2009 - 21:31:14 | D ] 	C:\fa060d4d563105ba8bb351
[19/11/2011 - 16:41:23 | D ] 	C:\Fraps
[30/08/2010 - 18:02:13 | D ] 	C:\Games
[29/06/2010 - 13:09:44 | N | 253] 	C:\Info.txt
[24/09/2008 - 04:09:56 | N | 0] 	C:\IO.SYS
[24/09/2008 - 04:09:56 | N | 0] 	C:\MSDOS.SYS
[10/11/2010 - 14:07:13 | D ] 	C:\Nexon
[03/08/2004 - 23:38:34 | N | 47564] 	C:\NTDETECT.COM
[03/08/2004 - 23:59:44 | N | 251712] 	C:
tldr
[01/12/2010 - 14:58:44 | D ] 	C:\NVIDIA
[21/11/2011 - 16:59:01 | ASH | 2145386496] 	C:\pagefile.sys
[12/11/2011 - 17:56:55 | D ] 	C:\Program Files
[14/11/2010 - 18:13:01 | D ] 	C:\ProgramData
[14/09/2011 - 17:38:59 | N | 33664388] 	C:\ProvingGrounds_PMC.emf
[21/11/2011 - 17:45:36 | SHD ] 	C:\RECYCLER
[17/04/2011 - 13:44:01 | D ] 	C:\Red Storm Entertainment
[24/09/2008 - 12:47:55 | N | 797] 	C:\RHDSetup.log
[08/10/2010 - 20:02:57 | D ] 	C:\sierra
[28/10/2008 - 17:27:51 | N | 268] 	C:\sqmdata00.sqm
[30/10/2008 - 22:05:49 | N | 268] 	C:\sqmdata01.sqm
[13/01/2009 - 18:32:26 | N | 232] 	C:\sqmdata02.sqm
[28/01/2009 - 08:51:00 | N | 232] 	C:\sqmdata03.sqm
[28/01/2009 - 10:31:31 | N | 232] 	C:\sqmdata04.sqm
[29/01/2009 - 00:38:48 | N | 232] 	C:\sqmdata05.sqm
[29/01/2009 - 00:53:16 | N | 232] 	C:\sqmdata06.sqm
[29/01/2009 - 22:05:55 | N | 232] 	C:\sqmdata07.sqm
[30/01/2009 - 14:56:44 | N | 232] 	C:\sqmdata08.sqm
[31/01/2009 - 00:06:13 | N | 208] 	C:\sqmdata09.sqm
[31/01/2009 - 09:52:11 | N | 232] 	C:\sqmdata10.sqm
[28/10/2008 - 17:27:51 | N | 244] 	C:\sqmnoopt00.sqm
[30/10/2008 - 22:05:49 | N | 244] 	C:\sqmnoopt01.sqm
[13/01/2009 - 18:32:26 | N | 244] 	C:\sqmnoopt02.sqm
[28/01/2009 - 08:51:00 | N | 244] 	C:\sqmnoopt03.sqm
[28/01/2009 - 10:31:31 | N | 244] 	C:\sqmnoopt04.sqm
[29/01/2009 - 00:38:48 | N | 244] 	C:\sqmnoopt05.sqm
[29/01/2009 - 00:53:16 | N | 244] 	C:\sqmnoopt06.sqm
[29/01/2009 - 22:05:55 | N | 244] 	C:\sqmnoopt07.sqm
[30/01/2009 - 14:56:44 | N | 244] 	C:\sqmnoopt08.sqm
[31/01/2009 - 00:06:13 | N | 172] 	C:\sqmnoopt09.sqm
[31/01/2009 - 09:52:11 | N | 244] 	C:\sqmnoopt10.sqm
[14/03/2009 - 11:43:19 | N | 122] 	C:\ss_nb.dat
[14/03/2009 - 11:43:20 | N | 122] 	C:\ss_udp.dat
[14/03/2009 - 11:43:19 | N | 122] 	C:\ss_udp2.dat
[24/09/2008 - 12:45:50 | SHD ] 	C:\System Volume Information
[22/08/2010 - 10:02:00 | N | 3] 	C:	.tmp
[24/09/2011 - 12:22:45 | N | 59845568] 	C:\Takistan.emf
[25/10/2009 - 10:30:54 | D ] 	C:	emp
[04/05/2011 - 21:54:31 | D ] 	C:	mp
[31/10/2008 - 14:53:00 | N | 11] 	C:\TOMBPATH.TXT
[29/12/2008 - 10:23:05 | D ] 	C:\TOMBRAID
[26/12/2008 - 13:59:39 | D ] 	C:\TR2-1.net
[29/12/2008 - 10:23:05 | N | 22] 	C:\TUBPATH.BAT
[21/11/2011 - 17:45:36 | D ] 	C:\UsbFix
[21/11/2011 - 17:46:52 | A | 6919] 	C:\UsbFix.txt
[21/11/2011 - 17:00:23 | D ] 	C:\WINDOWS
[14/09/2011 - 16:33:21 | N | 43441916] 	C:\Zargabad.emf
[09/11/2011 - 13:38:36 | N | 346112] 	G:\O.doc
[05/09/2010 - 11:04:52 | N | 1335149] 	G:\cours_01-02.pdf
[21/08/2010 - 23:05:52 | N | 1969381] 	G:\arthrosethèse.pdf
[06/11/2011 - 18:02:20 | N | 9953280] 	G:\Bienvenue sur O.doc
[05/10/2011 - 14:46:44 | N | 4651254] 	G:\Copie de Sans titre 2.bmp
[15/10/2011 - 19:05:54 | N | 1885696] 	G:\Normal.dot
[10/10/2011 - 11:57:02 | N | 14717952] 	G:\O1.doc
[14/09/2011 - 16:21:12 | N | 5738496] 	G:\~WRL2820.tmp
[11/11/2011 - 14:46:04 | N | 1347512] 	G:\015.JPG
[11/11/2011 - 14:47:02 | N | 1218655] 	G:\018.JPG
[11/11/2011 - 14:47:24 | N | 1462301] 	G:\022.JPG
[11/11/2011 - 15:01:02 | N | 638281] 	G:\029.JPG
[11/11/2011 - 14:50:04 | N | 1431239] 	G:\030.JPG
[11/11/2011 - 14:50:16 | N | 1270616] 	G:\031.JPG
[11/11/2011 - 14:50:36 | N | 1230916] 	G:\032.JPG
[13/10/2011 - 11:26:44 | D ] 	G:\a garder
[17/10/2011 - 12:04:24 | N | 40448] 	G:\Oma.doc
[25/10/2011 - 10:04:02 | N | 32768] 	G:\Prologu111e.doc
[11/04/2008 - 07:23:32 | N | 58721180] 	G:\Leçon Salsa N°1.mov
[14/08/2010 - 15:37:24 | D ] 	G:\Musique

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_CHLOE.zip
http://eldesaparecido.com/upload.htmlp
Merci de votre contribution.

################## | Reboot |

(!) L'ordinateur n'à été redémarré!

################## | E.O.F |

TomZanovich · Answer

Tu est sûr ? Rien de grave ?

Malware bosse dur en ce moment même

TomZanovich · Answer

Waho... Déjà 74 éléments infectés après 12 minutes

juju666 · Answer

je sais :)

TomZanovich · Answer

Re mon ami !

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 8209

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

21/11/2011 19:08:45
mbam-log-2011-11-21 (19-08-45).txt

Type d'examen: Examen complet (C:\|D:\|G:\|)
Elément(s) analysé(s): 425524
Temps écoulé: 1 heure(s), 8 minute(s), 11 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 85
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 38
Fichier(s) infecté(s): 137

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09325003-167C-483d-A4BA-8B3122ABB432} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{F1A1892C-2A6C-4817-98B4-FF81443CBA20} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451c-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2721A8E5-BFDB-4562-9912-9E0531CA616C} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5FE0CEAE-CB69-40af-A323-40F94257DACB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{65A16874-2ED0-460E-A547-5FE2EC3A13A7} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{396CFC12-932D-496b-A0A8-5D7201E105E1} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{573F4ABB-A1A2-44ed-9BA9-A8DAD40AAC46} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6DD76B7B-6423-4df0-9A07-84A6CAD973A0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{74C22317-5B90-471f-9AD2-FEC049870A16} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Scopes (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7F6CFB6A-9227-4bb8-B941-F2B067E76F51} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AB0EE208-DF60-4fa7-A617-C4269760033E} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{DEE758B4-C3FB-4a5b-9939-848B9C77A2FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E12AEAB6-7D12-4c07-8E36-5892EFB4DAFB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E2F2C137-A782-4fb5-81AF-086156F5EB0A} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F1D06C9F-51F0-4476-BEDE-5DDF91BE304E} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F3A32DF2-7413-4fb1-B575-1AC920A17B76} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\3ETECE6I8G (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1 (Adware.EoRezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Value: {B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Value: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.1.22.0 (Adware.HotBar) -> Value: ShopperReports 3.1.22.0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790470B07659543FAD92 (Malware.Trace) -> Value: SRS_IT_E8790470B07659543FAD92 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eorezo (Rogue.Eorezo) -> Value: eorezo -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\documents and settings\all users\application data\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\Firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\Firefox\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\Firefox\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\Firefox\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\Firefox\cseport (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\Firefox\cses1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\IE (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\IE\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\IE\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\IE\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\IE\cseport (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\IE\cses1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome\content (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu démarrer\programmes\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu démarrer\programmes\shopperreports (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\softwareupdate (Adware.EoRezo) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\program files\shopperreports3\bin\3.1.22.0\BRNstIE.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\szdsq.exqa (Trojan.Agent.CoXGen) -> Quarantined and deleted successfully.
c:\program files\Steam\steamapps\common\hitman blood money\pdtrain.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\program files\Steam\steamapps\common\mafia ii - public demo\pc\mafia.ii.[demo]-patch.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\Firefox\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\Firefox\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\Firefox\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\Firefox\cs\dwld\whitelist.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\Firefox\cseport\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\Firefox\cseport\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\Firefox\cses1\whitelist.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\IE\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\IE\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\IE\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\IE\cs\dwld\whitelist.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\IE\cseport\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\IE\cseport\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\shopperreports3\IE\cses1\whitelist.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome\content\infopane.js (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome\content\InfoPane.xul (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\browserextensionff.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\browserextensionff.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu démarrer\programmes\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu démarrer\programmes\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu démarrer\programmes\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu démarrer\programmes\shopperreports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu démarrer\programmes\shopperreports\customer support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu démarrer\programmes\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\cache (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\cmhost.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\confmedia.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather.cfg (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\host.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\user.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\eoweather.cfg (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\eoweatherval_02ec282.cfg (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\67_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\67_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\69_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\69_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\70_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\70_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\78_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\78_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\82_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\82_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\83_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\83_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\84_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\84_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\85_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\85_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\89_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\89_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\back.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\background.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\background_1.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\background_1days.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\background_2days.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\background_7days.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\backpressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\band.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\band_small.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\close.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\closepressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\dayprevisionbackground.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\dayprevisionclose.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\earth.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\fonds_écran.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\help.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\helppressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\minimise.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\minimisepressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic
ext.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic
extpressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\option.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\optionpressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classiceflet_ecran.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\small_background.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_classic\Thumbs.db (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\67_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\67_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\69_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\69_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\70_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\70_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\78_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\78_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\82_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\82_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\83_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\83_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\84_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\84_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\85_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\85_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\89_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\89_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\about.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\back.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\background.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\background_1.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\background_1days.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\background_2days.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\background_7days.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\backpressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\close.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\closepressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\dayprevisionbackground.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\dayprevisionclose.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\earth.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\fonds_écran.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\help.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\helppressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\minimise.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\minimisepressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo
ext.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo
extpressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\option.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\optionpressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteoeflet_ecran.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo\Thumbs.db (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\eoweather\images_station_meteo	xt_14x13.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\softwareupdate\unins000.dat (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\softwareupdate\unins000.exe (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\ChloÚ\application data\EoRezo\softwareupdate\user_profil.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.

juju666 · Answer

Y'a pas que du rogue ...

Télécharge AdwCleaner ( d'Xplode ) sur ton bureau.
Lance le, clique sur [Recherche] puis patiente le temps du scan.
Une fois le scan fini, un rapport s'ouvrira. Poste moi son contenu dans ta prochaine réponse.

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[R1].txt

Tutoriel : http://forums-fec.be/entraide/viewtopic.php?f=55&t=16

TomZanovich · Answer

Ok, je vais faire. Mais avant, mon PC marchais très bien. Protection machin ne viendra plus, hein ?

TomZanovich · Answer

# AdwCleaner v1.319 - Rapport créé le 21/11/2011 à 19:22:04
# Mis à jour le 20/11/11 à 11h par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 2 (32 bits)
# Nom d'utilisateur : ChloÚ - CHLOE (Administrateur)
# Exécuté depuis : C:\Documents and Settings\ChloÚ\Mes documents\Téléchargements\adwcleaner.exe
# Option [Recherche]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Présent : C:\Documents and Settings\All Users\Application Data\Babylon
Dossier Présent : C:\Documents and Settings\ChloÚ\Application Data\Babylon
Dossier Présent : C:\Documents and Settings\ChloÚ\Application Data\OfferBox
Dossier Présent : C:\Documents and Settings\ChloÚ\Application Data\PriceGong
Dossier Présent : C:\Documents and Settings\ChloÚ\Local Settings\Application Data\Babylon
Dossier Présent : C:\Documents and Settings\ChloÚ\Local Settings\Application Data\Conduit
Dossier Présent : C:\Documents and Settings\ChloÚ\Local Settings\Application Data\ConduitEngine
Dossier Présent : C:\Program Files\Ask.com
Dossier Présent : C:\Program Files\Conduit
Dossier Présent : C:\Program Files\ConduitEngine
Dossier Présent : C:\Documents and Settings\ChloÚ\Application Data\Mozilla\Firefox\Profiles\kcnlynwl.default\Conduit
Dossier Présent : C:\Documents and Settings\ChloÚ\Application Data\Mozilla\Firefox\Profiles\kcnlynwl.default\ConduitEngine
Dossier Présent : C:\Documents and Settings\ChloÚ\Application Data\Mozilla\Firefox\Profiles\kcnlynwl.default\extensions\engine@conduit.com
Fichier Présent : C:\WINDOWS\system32\conduitEngine.tmp
Fichier Présent : C:\Documents and Settings\ChloÚ\Application Data\Mozilla\Firefox\Profiles\kcnlynwl.default\searchplugins\Askcom.xml
Fichier Présent : C:\Documents and Settings\ChloÚ\Application Data\Mozilla\Firefox\Profiles\kcnlynwl.default\searchplugins\Conduit.xml

***** [Registre] *****

Clé Présente : HKCU\Toolbar
Clé Présente : HKCU\Software\Conduit
Clé Présente : HKCU\Software\conduitEngine
Clé Présente : HKCU\Software\DataMngr
Clé Présente : HKCU\Software\DataMngr_Toolbar
Clé Présente : HKCU\Software\Offerbox
Clé Présente : HKCU\Software\PriceGong
Clé Présente : HKLM\SOFTWARE\Conduit
Clé Présente : HKLM\SOFTWARE\conduitEngine
Clé Présente : HKLM\SOFTWARE\DataMngr
Clé Présente : HKLM\SOFTWARE\OpenCandy NSIS SDK
Clé Présente : HKLM\SOFTWARE\Messenger Plus!\OpenCandy
Clé Présente : HKLM\SOFTWARE\Classes\Conduit.Engine
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Clé Présente : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4

Virus bloque toutes les actions -

25 réponses

Discussions similaires