TR/ATRAPS.Gen and TR/ATRAPS.Gen2
aleria2b
Hello,
For 5 days Avira has been detecting viruses called TR/ATRAPS.Gen and TR/ATRAPS.Gen 2. I can't get rid of them. I know it can be done with ComboFix but I need help :). Please :)))) .
3 replies
Hello
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Or here: https://forospyware.com
> Rename it to asdehi when saving it to your desktop (simply so the infection does not block it)
-> Double-click combofix.exe (or, on Vista, right-click « Run as... »)
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report into your next reply.
NOTE: The report is also located here: C:\Combofix.txt
Before using ComboFix:
-> Disconnect from the Internet and close the windows of all running programs.
-> Temporarily disable, and only for as long as ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.
Once done, on your desktop double-click Combofix.exe (or, on Vista, right-click « Run as... »)
- Answer yes to the warning message so that the program starts analysing the PC.
- Install the Recovery Console as requested; useful in case of a crash
- Caution: during this step, do not use the PC and do not open any program. Risk of freezing the computer
- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.
- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt
-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the Internet.
-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
/!\ Do not touch anything until the scan is finished. /!\ : risk of freezing the computer (complete crash)
:: If ComboFix detects something and asks to restart, accept
@+
aleria2b
ComboFix starts running, then stops before asking me to create the Recovery Console .... What should I do? It doesn't work :(
Anonymous user
try it in safe mode
aleria2b
It works, the scan is almost finished.
Here is the report:
ComboFix 12-07-07.03 - Massiani 07/07/2012 16:49:51.1.2 - x86
Lancé depuis: c:\users\Massiani\Desktop\asdehi.exe
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ClickPotatoLite
c:\program files\ClickPotatoLite\bin\10.0.628.0\firefox\extensions\chrome.manifest
c:\program files\ClickPotatoLite\bin\10.0.628.0\firefox\extensions\install.rdf
c:\program files\ClickPotatoLite\bin\10.0.666.0\firefox\extensions\install.rdf
c:\program files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions\install.rdf
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome\scanquery.jar
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\install.rdf
c:\program files\webmediaplayer
c:\program files\webmediaplayer\resources\languages_v2.xml
c:\program files\webmediaplayer\resources\webmedias
c:\program files\webmediaplayer\skins\classic.skn
c:\program files\webmediaplayer\sqlite3.dll
c:\programdata\0025736b.tmp
c:\programdata\ClickPotatoLiteSA
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA.dat
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf_update.dat
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Website.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Conditions générales.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Confidentialité.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Désinstaller.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.url
c:\users\Marianne\Desktop\Spyware-Secure trial.lnk
c:\users\Massiani\AppData\Local\kuwqi.dat
c:\users\Massiani\AppData\Local\kuwqi_nav.dat
c:\users\Massiani\AppData\Local\kuwqi_navps.dat
c:\users\Massiani\AppData\Local\miuwo_navfx.dat
c:\users\Massiani\AppData\Roaming\ClickPotatoLite
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome.manifest
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\background.html
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\browser.xul
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossrider.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossriderapi.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\dialog.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\lib\faye-browser-min.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\manage-apps-style.css
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\manage-apps.html
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\messaging.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.xul
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\push.html
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\search_dialog.xul
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\update.html
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\defaults\preferences\prefs.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\install.rdf
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\locale\en-US\translations.dtd
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\button1.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\button2.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\button3.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\button4.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\button5.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\crossrider_statusbar.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\icon128.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\icon16.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\icon24.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\icon48.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\panelarrow-up.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\popup.css
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\popup.html
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\popup_binding.xml
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\skin.css
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\update.css
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome.manifest
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\background.html
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\browser.xul
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\crossrider.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\crossriderapi.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\dialog.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\lib\faye-browser-min.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\manage-apps-style.css
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\manage-apps.html
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\messaging.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.xul
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\push.html
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\search_dialog.xul
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\update.html
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\defaults\preferences\prefs.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\install.rdf
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\locale\en-US\translations.dtd
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\button1.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\button2.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\button3.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\button4.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\button5.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\crossrider_statusbar.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\icon128.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\icon16.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\icon24.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\icon48.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\panelarrow-up.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\popup.css
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\popup.html
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\popup_binding.xml
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\skin.css
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\update.css
c:\users\Massiani\pf-setup.exe
c:\users\Massiani\SafariSetup.exe
c:\users\Massiani\vlc-0.8.6f-win32.exe
c:\users\Public\sdelevURL.tmp
c:\windows\Installer\{e27ba742-e347-d086-b590-3df996879ebb}\@
c:\windows\Installer\{e27ba742-e347-d086-b590-3df996879ebb}\L\00000004.@
c:\windows\Installer\{e27ba742-e347-d086-b590-3df996879ebb}\U\00000004.@
c:\windows\Installer\{e27ba742-e347-d086-b590-3df996879ebb}\U\00000008.@
c:\windows\Installer\{e27ba742-e347-d086-b590-3df996879ebb}\U\000000cb.@
c:\windows\Installer\{e27ba742-e347-d086-b590-3df996879ebb}\U\80000000.@
c:\windows\Installer\{e27ba742-e347-d086-b590-3df996879ebb}\U\80000032.@
D:\Documents.lnk
D:\install.exe
.
Une copie infectée de c:\windows\system32\Services.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\asdehi6408a\HarddiskVolumeShadowCopy2_!Windows!winsxs!x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56!services.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-06-07 au 2012-07-07 ))))))))))))))))))))))))))))))))))))
.
.
2012-07-07 15:07 . 2012-07-07 15:10 -------- d-----w- c:\users\Massiani\AppData\Local\temp
2012-07-07 15:07 . 2012-07-07 15:07 -------- d-----w- c:\users\Marianne\AppData\Local\temp
2012-07-07 15:07 . 2012-07-07 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-07 14:34 . 2012-07-07 14:34 -------- dc----w- C:\asdehi
2012-07-05 07:11 . 2012-07-06 12:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-05 07:11 . 2012-07-05 08:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-05 06:46 . 2012-07-05 06:46 -------- d-----w- c:\users\Massiani\AppData\Roaming\Avira
2012-07-05 06:34 . 2012-07-05 06:34 -------- d-----w- c:\users\Massiani\AppData\Local\APN
2012-07-05 06:32 . 2012-07-06 06:49 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-05 06:32 . 2011-12-01 15:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-05 06:32 . 2011-12-01 15:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-05 06:32 . 2012-07-05 06:32 -------- d-----w- c:\programdata\Avira
2012-07-05 06:32 . 2012-07-05 06:32 -------- d-----w- c:\program files\Avira
2012-07-04 17:40 . 2012-07-04 17:40 -------- d-----w- c:\users\Massiani\AppData\Local\Giant Savings
2012-07-04 17:40 . 2012-07-04 17:41 -------- d-----w- c:\program files\Giant Savings
2012-07-03 07:17 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC4A6511-0260-46AC-9BC0-F5ADDADDC29D}\mpengine.dll
2012-07-01 18:47 . 2012-07-01 18:47 -------- d-----w- c:\users\Massiani\AppData\Local\DDMSettings
2012-06-30 12:15 . 2012-06-14 22:19 15757792 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2012-06-30 12:15 . 2012-06-14 22:18 92640 ----a-w- c:\program files\Mozilla Firefox\nssutil3.dll
2012-06-30 12:15 . 2012-06-14 22:18 95712 ----a-w- c:\program files\Mozilla Firefox\nssdbm3.dll
2012-06-30 12:15 . 2012-06-14 22:17 117728 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-06-21 04:54 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 04:54 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 04:54 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 04:54 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 04:54 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 04:54 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 04:54 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 04:53 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 04:53 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 12:08 . 2012-06-19 12:08 -------- d-----w- c:\program files\iPod
2012-06-19 12:07 . 2012-06-19 12:09 -------- d-----w- c:\program files\iTunes
2012-06-14 05:01 . 2012-05-17 22:38 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-14 05:01 . 2012-05-17 22:37 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-14 05:01 . 2012-05-17 22:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-13 05:51 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 05:51 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 05:51 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 05:51 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 05:50 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 13:55 . 2012-06-09 13:55 -------- d-----w- c:\programdata\Graboid Inc
2012-06-07 17:09 . 2012-06-07 17:09 -------- d-----w- c:\program files\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 05:11 . 2012-04-15 06:18 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-10 05:11 . 2011-05-22 05:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-14 22:19 . 2012-06-30 12:20 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c}"= "c:\program files\blueshirtstudio\tbblue.dll" [2008-01-16 1530904]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\prxtbVeo2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c}]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110011041135}]
2012-01-17 17:46 470528 ----a-w- c:\program files\Premiumplay Codec-C\Premiumplay Codec-C.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110011441179}]
2012-06-12 16:22 488832 ----a-w- c:\program files\Giant Savings\Giant Savings.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c}]
2008-01-16 09:32 1530904 ----a-w- c:\program files\blueshirtstudio\tbblue.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Veoh_Web_Player\prxtbVeo2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c}"= "c:\program files\blueshirtstudio\tbblue.dll" [2008-01-16 1530904]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\prxtbVeo2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c}]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BFCDCEBE-E1FB-40F9-B4E2-7BB1138EF76C}"= "c:\program files\blueshirtstudio\tbblue.dll" [2008-01-16 1530904]
"{CD90BF73-20F6-44EF-993D-BB920303BD2E}"= "c:\program files\Veoh_Web_Player\prxtbVeo2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c}]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Massiani\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Massiani\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Massiani\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"RIMDeviceManager"="c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2010-08-22 1692504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"Skytel"="Skytel.exe" [2007-03-16 1822720]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-01 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 03:39]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 03:39]
.
2012-07-07 c:\windows\Tasks\User_Feed_Synchronization-{E0141527-B5D5-4EC4-8CF7-6C43F57206A0}.job
- c:\windows\system32\msfeedssync.exe [2011-04-28 16:33]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Massiani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1_2-0.cab
FF - ProfilePath - c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://Mystart.incredibar.com/mb124
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=113357&tt=010712_3&babsrc=KW_ss&mntrId=e4d7fb6f000000000000001c25307e20&q=
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyzFvHSbM&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - e4d7fb6f000000000000001c25307e20
FF - user.js: extensions.incredibar_i.instlDay - 15452
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1421:25
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyzFvHSbM
FF - user.js: extensions.incredibar_i.upn2n - 92261285491651562
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113357&tt=010712_3
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e4d7fb6f000000000000001c25307e20
FF - user.js: extensions.BabylonToolbar_i.hardId - e4d7fb6f000000000000001c25307e20
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15526
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:12
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHELINS SUPPRIMES - - - -
.
WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-07 17:10
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-3218490610-1776498260-3243667195-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*O*Ù«mv]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3218490610-1776498260-3243667195-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*O*Ù«mv\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3218490610-1776498260-3243667195-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*O*Ù«mv]
"0"=hex:4d,00,65,00,2e,00,41,00,6e,00,64,00,2e,00,4f,00,d9,ab,6d,76,00,00,72,
00,36,00,00,00,00,00,00,00,00,00,00,00,4d,00,65,00,2e,00,41,00,6e,00,64,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(3308)
c:\users\Massiani\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Heure de fin: 2012-07-07 17:22:06 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-07-07 15:22
.
Avant-CF: 3 681 636 352 octets libres
Après-CF: 7 436 767 232 octets libres
.
- - End Of File - - A72250D7D431C3357D0895BECD3BB607
ComboFix 12-07-07.03 - Massiani 07/07/2012 16:49:51.1.2 - x86
Lancé depuis: c:\users\Massiani\Desktop\asdehi.exe
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ClickPotatoLite
c:\program files\ClickPotatoLite\bin\10.0.628.0\firefox\extensions\chrome.manifest
c:\program files\ClickPotatoLite\bin\10.0.628.0\firefox\extensions\install.rdf
c:\program files\ClickPotatoLite\bin\10.0.666.0\firefox\extensions\install.rdf
c:\program files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions\install.rdf
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome\scanquery.jar
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\install.rdf
c:\program files\webmediaplayer
c:\program files\webmediaplayer\resources\languages_v2.xml
c:\program files\webmediaplayer\resources\webmedias
c:\program files\webmediaplayer\skins\classic.skn
c:\program files\webmediaplayer\sqlite3.dll
c:\programdata\0025736b.tmp
c:\programdata\ClickPotatoLiteSA
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA.dat
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf_update.dat
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Website.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Conditions générales.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Confidentialité.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Désinstaller.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.url
c:\users\Marianne\Desktop\Spyware-Secure trial.lnk
c:\users\Massiani\AppData\Local\kuwqi.dat
c:\users\Massiani\AppData\Local\kuwqi_nav.dat
c:\users\Massiani\AppData\Local\kuwqi_navps.dat
c:\users\Massiani\AppData\Local\miuwo_navfx.dat
c:\users\Massiani\AppData\Roaming\ClickPotatoLite
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome.manifest
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\background.html
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\browser.xul
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossrider.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossriderapi.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\dialog.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\lib\faye-browser-min.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\manage-apps-style.css
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\manage-apps.html
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\messaging.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.xul
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\push.html
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\search_dialog.xul
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\chrome\content\update.html
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\defaults\preferences\prefs.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\install.rdf
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\locale\en-US\translations.dtd
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\button1.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\button2.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\button3.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\button4.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\button5.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\crossrider_statusbar.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\icon128.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\icon16.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\icon24.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\icon48.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\panelarrow-up.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\popup.css
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\popup.html
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\popup_binding.xml
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\skin.css
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp435@crossrider.com\skin\update.css
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome.manifest
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\background.html
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\browser.xul
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\crossrider.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\crossriderapi.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\dialog.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\lib\faye-browser-min.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\manage-apps-style.css
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\manage-apps.html
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\messaging.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.xul
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\push.html
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\search_dialog.xul
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\chrome\content\update.html
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\defaults\preferences\prefs.js
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\install.rdf
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\locale\en-US\translations.dtd
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\button1.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\button2.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\button3.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\button4.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\button5.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\crossrider_statusbar.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\icon128.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\icon16.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\icon24.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\icon48.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\panelarrow-up.png
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\popup.css
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\popup.html
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\popup_binding.xml
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\skin.css
c:\users\Massiani\AppData\Roaming\Mozilla\Firefox\Profiles\7d01cm18.default\extensions\crossriderapp4479@crossrider.com\skin\update.css
c:\users\Massiani\pf-setup.exe
c:\users\Massiani\SafariSetup.exe
c:\users\Massiani\vlc-0.8.6f-win32.exe
c:\users\Public\sdelevURL.tmp
c:\windows\Installer\{e27ba742-e347-d086-b590-3df996879ebb}\@
c:\windows\Installer\{e27ba742-e347-d086-b590-3df996879ebb}\L\00000004.@
c:\windows\Installer\{e27ba742-e347-d086-b590-3df996879ebb}\U\00000004.@
c:\windows\Installer\{e27ba742-e347-d086-b590-3df996879ebb}\U\00000008.@
c:\windows\Installer\{e27ba742-e347-d086-b590-3df996879ebb}\U\000000cb.@
c:\windows\Installer\{e27ba742-e347-d086-b590-3df996879ebb}\U\80000000.@
c:\windows\Installer\{e27ba742-e347-d086-b590-3df996879ebb}\U\80000032.@
D:\Documents.lnk
D:\install.exe
.
Une copie infectée de c:\windows\system32\Services.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\asdehi6408a\HarddiskVolumeShadowCopy2_!Windows!winsxs!x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56!services.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-06-07 au 2012-07-07 ))))))))))))))))))))))))))))))))))))
.
.
2012-07-07 15:07 . 2012-07-07 15:10 -------- d-----w- c:\users\Massiani\AppData\Local\temp
2012-07-07 15:07 . 2012-07-07 15:07 -------- d-----w- c:\users\Marianne\AppData\Local\temp
2012-07-07 15:07 . 2012-07-07 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-07 14:34 . 2012-07-07 14:34 -------- dc----w- C:\asdehi
2012-07-05 07:11 . 2012-07-06 12:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-05 07:11 . 2012-07-05 08:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-05 06:46 . 2012-07-05 06:46 -------- d-----w- c:\users\Massiani\AppData\Roaming\Avira
2012-07-05 06:34 . 2012-07-05 06:34 -------- d-----w- c:\users\Massiani\AppData\Local\APN
2012-07-05 06:32 . 2012-07-06 06:49 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-05 06:32 . 2011-12-01 15:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-05 06:32 . 2011-12-01 15:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-05 06:32 . 2012-07-05 06:32 -------- d-----w- c:\programdata\Avira
2012-07-05 06:32 . 2012-07-05 06:32 -------- d-----w- c:\program files\Avira
2012-07-04 17:40 . 2012-07-04 17:40 -------- d-----w- c:\users\Massiani\AppData\Local\Giant Savings
2012-07-04 17:40 . 2012-07-04 17:41 -------- d-----w- c:\program files\Giant Savings
2012-07-03 07:17 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC4A6511-0260-46AC-9BC0-F5ADDADDC29D}\mpengine.dll
2012-07-01 18:47 . 2012-07-01 18:47 -------- d-----w- c:\users\Massiani\AppData\Local\DDMSettings
2012-06-30 12:15 . 2012-06-14 22:19 15757792 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2012-06-30 12:15 . 2012-06-14 22:18 92640 ----a-w- c:\program files\Mozilla Firefox\nssutil3.dll
2012-06-30 12:15 . 2012-06-14 22:18 95712 ----a-w- c:\program files\Mozilla Firefox\nssdbm3.dll
2012-06-30 12:15 . 2012-06-14 22:17 117728 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-06-21 04:54 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 04:54 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 04:54 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 04:54 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 04:54 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 04:54 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 04:54 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 04:53 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 04:53 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 12:08 . 2012-06-19 12:08 -------- d-----w- c:\program files\iPod
2012-06-19 12:07 . 2012-06-19 12:09 -------- d-----w- c:\program files\iTunes
2012-06-14 05:01 . 2012-05-17 22:38 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-14 05:01 . 2012-05-17 22:37 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-14 05:01 . 2012-05-17 22:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-13 05:51 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 05:51 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 05:51 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 05:51 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 05:50 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 13:55 . 2012-06-09 13:55 -------- d-----w- c:\programdata\Graboid Inc
2012-06-07 17:09 . 2012-06-07 17:09 -------- d-----w- c:\program files\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 05:11 . 2012-04-15 06:18 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-10 05:11 . 2011-05-22 05:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-14 22:19 . 2012-06-30 12:20 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c}"= "c:\program files\blueshirtstudio\tbblue.dll" [2008-01-16 1530904]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\prxtbVeo2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c}]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110011041135}]
2012-01-17 17:46 470528 ----a-w- c:\program files\Premiumplay Codec-C\Premiumplay Codec-C.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110011441179}]
2012-06-12 16:22 488832 ----a-w- c:\program files\Giant Savings\Giant Savings.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c}]
2008-01-16 09:32 1530904 ----a-w- c:\program files\blueshirtstudio\tbblue.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Veoh_Web_Player\prxtbVeo2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c}"= "c:\program files\blueshirtstudio\tbblue.dll" [2008-01-16 1530904]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\prxtbVeo2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c}]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BFCDCEBE-E1FB-40F9-B4E2-7BB1138EF76C}"= "c:\program files\blueshirtstudio\tbblue.dll" [2008-01-16 1530904]
"{CD90BF73-20F6-44EF-993D-BB920303BD2E}"= "c:\program files\Veoh_Web_Player\prxtbVeo2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c}]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Massiani\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Massiani\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Massiani\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"RIMDeviceManager"="c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2010-08-22 1692504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"Skytel"="Skytel.exe" [2007-03-16 1822720]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-01 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]
.
.
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e4d7fb6f000000000000001c25307e20
FF - user.js: extensions.BabylonToolbar_i.hardId - e4d7fb6f000000000000001c25307e20
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15526
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:12
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHELINS SUPPRIMES - - - -
.
WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-07 17:10
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-3218490610-1776498260-3243667195-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*O*Ù«mv]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3218490610-1776498260-3243667195-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*O*Ù«mv\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3218490610-1776498260-3243667195-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*O*Ù«mv]
"0"=hex:4d,00,65,00,2e,00,41,00,6e,00,64,00,2e,00,4f,00,d9,ab,6d,76,00,00,72,
00,36,00,00,00,00,00,00,00,00,00,00,00,4d,00,65,00,2e,00,41,00,6e,00,64,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(3308)
c:\users\Massiani\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Heure de fin: 2012-07-07 17:22:06 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-07-07 15:22
.
Avant-CF: 3 681 636 352 octets libres
Après-CF: 7 436 767 232 octets libres
.
- - End Of File - - A72250D7D431C3357D0895BECD3BB607
Re
1) Uninstall Spybot S&D, an obsolete program that is likely to interfere with the cleanup:
Disable the Tea Timer module
Un-immunize
Uninstall
2) Download AdwCleaner (by Xplode) to your desktop.
Run it, click [Suppression] (Delete) and wait while the scan runs.
Once the scan is finished, a report will open. Post its contents in your next reply.
Note: the report is also saved as C:\AdwCleaner[S1].txt
Toolbars are not mandatory (by Malekal): https://forum.malekal.com/viewtopic.php?t=6173&start=
3) Download Malwarebytes Anti-Malware here:
http://www.malwarebytes.org/mbam.php
"Download free version" button
* Install it (make sure to choose "French"; don't change the installation settings) and update it.
(NB: if "COMCTL32.OCX" is missing during the install, download it here: https://www.malekal.com/tutorial-aboutbuster/ )
* Read through the tutorial to get familiar with the program:
https://forum.pcastuces.com/sujet.asp?f=31&s=3
(that said, it is very easy to use).
Relaunch Malwarebytes following these instructions to the letter:
! Disconnect from the Internet and close all running applications!
* Launch Malwarebytes. On Vista and Seven (right-click, "Run as administrator")
* Run an update
* Run a "Full" scan
--> Let the program work (and don't do anything else with the PC during the scan).
--> At the end, click "Show results".
--> Check that all infected objects are ticked, then click "Remove selected".
Note: if the PC needs to restart to finish the cleanup, do it!
Post the report saved after the removal of the infected objects (in the "Logs" tab of Malwarebytes, the most recent one)
@+