System Care Antivirus

Resolved/Closed
keerhann Posts 2 Registration date Thursday 22 August 2013 Status Member Last post 22 August 2013 - 22 August 2013 at 18:23
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last post 21 April 2024 - 26 August 2013 at 11:34
Hello,
I got an alert message from System Care Antivirus; I didn't approve anything, and after some research I realized it was a virus. I've had some problems displaying web pages for now.
I downloaded RogueKiller from another PC and followed the procedure indicated, but I didn't restart in safe mode because my PC wasn't turned off; should I have?
Here is the report; please let me know whether this is enough.

RogueKiller V8.6.6 [Aug 19 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : Anne [Droits d'admin]
Mode : Suppression -- Date : 08/22/2013 18:13:38
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 3 ¤¤¤
[SUSP PATH] browsemngr.exe -- C:\ProgramData\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [7] -> TUÉ [TermProc]
[SUSP PATH] browsemngr.exe -- C:\ProgramData\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [7] -> TUÉ [TermProc]
[ZeroAccess][SERVICE] ???etadpug -- "C:\Program Files (x86)\Google\Desktop\Install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\?????\{20c70280-6f47-5b2e-6468-a5fa93735b63}\GoogleUpdate.exe" < [x] -> STOPPÉ

¤¤¤ Entrees de registre : 18 ¤¤¤
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Anne\AppData\Local\Google\Desktop\Install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\?????????\?????????\?????\{20c70280-6f47-5b2e-6468-a5fa93735b63}\GoogleUpdate.exe" >) -> SUPPRIMÉ
[RUN][SUSP PATH] HKCU\[...]\Run : cmdkdstr (rundll32 "C:\Users\Anne\AppData\Local\Temp\Robotion.dll",CreateProcessNotify [x][-][x]) -> SUPPRIMÉ
[RUN][SUSP PATH] HKCU\[...]\Run : convysvr (rundll32 "C:\Users\Anne\AppData\Local\Temp\Robotion64.dll",CreateProcessNotify [x][-][x]) -> SUPPRIMÉ
[RUN][ZeroAccess] HKUS\S-1-5-21-206644113-439338800-3197501069-1001\[...]\Run : Google Update ("C:\Users\Anne\AppData\Local\Google\Desktop\Install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\?????????\?????????\?????\{20c70280-6f47-5b2e-6468-a5fa93735b63}\GoogleUpdate.exe" >) -> [0xc0000034] Unknown error
[RUN][SUSP PATH] HKUS\S-1-5-21-206644113-439338800-3197501069-1001\[...]\Run : cmdkdstr (rundll32 "C:\Users\Anne\AppData\Local\Temp\Robotion.dll",CreateProcessNotify [x][-][x]) -> [0x2] Le fichier spécifié est introuvable.
[RUN][SUSP PATH] HKUS\S-1-5-21-206644113-439338800-3197501069-1001\[...]\Run : convysvr (rundll32 "C:\Users\Anne\AppData\Local\Temp\Robotion64.dll",CreateProcessNotify [x][-][x]) -> [0x2] Le fichier spécifié est introuvable.
[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\?????\{20c70280-6f47-5b2e-6468-a5fa93735b63}\GoogleUpdate.exe" < [x]) -> SUPPRIMÉ
[SERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\?????\{20c70280-6f47-5b2e-6468-a5fa93735b63}\GoogleUpdate.exe" < [x]) -> [0x57] Paramètre incorrect.
[SERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\?????\{20c70280-6f47-5b2e-6468-a5fa93735b63}\GoogleUpdate.exe" < [x]) -> SUPPRIMÉ
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> SUPPRIMÉ
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] Le fichier spécifié est introuvable.
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] Le fichier spécifié est introuvable.
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
[HID SVC][Masqué de l'API] HKLM\[...]\CCSet\[...]\Services : . e () -> [0x3] Le chemin d'accès spécifié est introuvable.
[HID SVC][Masqué de l'API] HKLM\[...]\CS001\[...]\Services : . e () -> [0x3] Le chemin d'accès spécifié est introuvable.
[HID SVC][Masqué de l'API] HKLM\[...]\CS002\[...]\Services : . e () -> [0x3] Le chemin d'accès spécifié est introuvable.

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][Jonction] fr-FR : C:\Program Files\Windows Defender\fr-FR >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Repertoire] Install : C:\Users\Anne\AppData\Local\Google\Desktop\Install [-] --> SUPPRIMÉ
[ZeroAccess][Fichier] @ : C:\Users\Anne\AppData\Local\Google\Desktop\Install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\?????????\?????????\?????\{20c70280-6f47-5b2e-6468-a5fa93735b63}\@ [-] --> SUPPRIMÉ
[ZeroAccess][Fichier] GoogleUpdate.exe : C:\Users\Anne\AppData\Local\Google\Desktop\Install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\?????????\?????????\?????\{20c70280-6f47-5b2e-6468-a5fa93735b63}\GoogleUpdate.exe [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] L : C:\Users\Anne\AppData\Local\Google\Desktop\Install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\?????????\?????????\?????\{20c70280-6f47-5b2e-6468-a5fa93735b63}\L [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] U : C:\Users\Anne\AppData\Local\Google\Desktop\Install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\?????????\?????????\?????\{20c70280-6f47-5b2e-6468-a5fa93735b63}\U [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] {20c70280-6f47-5b2e-6468-a5fa93735b63} : C:\Users\Anne\AppData\Local\Google\Desktop\Install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\?????????\?????????\?????\{20c70280-6f47-5b2e-6468-a5fa93735b63} [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] ????? : C:\Users\Anne\AppData\Local\Google\Desktop\Install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\?????????\?????????\????? [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] ????????? : C:\Users\Anne\AppData\Local\Google\Desktop\Install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\?????????\????????? [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] ????????? : C:\Users\Anne\AppData\Local\Google\Desktop\Install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\????????? [-] --> SUPPRIMÉ
[ZeroAccess][Repertoire] {20c70280-6f47-5b2e-6468-a5fa93735b63} : C:\Users\Anne\AppData\Local\Google\Desktop\Install\{20c70280-6f47-5b2e-6468-a5fa93735b63} [-] --> SUPPRIMÉ

¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] 1ad206ccd716460fe17931376786edb2
[BSP] a1819a9f9a48cb2eec942f6e7ec9ccad : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 237917 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 488075264 | Size: 238622 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[0]_D_08222013_181337.txt >>
RKreport[0]_S_08222013_181254.txt

9 replies

juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last post 21 April 2024 4 796
22 August 2013 at 19:29
Hi

This isn't going to be easy, there's ZeroAccess.

Create a system restore point before starting.

▶ Download here: mbar
▶ Extract the contents of the folder to the desktop.
▶ Open the folder and run mbar.exe (on Vista/7: run as administrator)
▶ The next window states that this version will be valid for one month and that use is at the user's own risk.
▶ Click Next
▶ The new window offers to update. Click Update and, once finished, click Next
▶ To start the scan, click Scan
▶ Click the Cleanup button to remove all threats, and restart if you are prompted to.
▶ Wait during the cleanup process, which can take a long time.
▶ When finished, send the two reports found in the MBAR folder: mbar-log.txt and log.txt
0
keerhann Posts 2 Registration date Thursday 22 August 2013 Status Member Last post 22 August 2013
22 August 2013 at 23:15
Here you go
thanks again for the help



Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.22.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Anne :: ANNE-TOSH [administrator]

22/08/2013 21:48:59
mbar-log-2013-08-22 (21-48-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 271437
Time elapsed: 1 hour(s), 9 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 36
HKLM\SOFTWARE\CLASSES\TYPELIB\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C} (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C} (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShoppingReport2.RprtCtrl (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShoppingReport2.RprtCtrl.1 (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.RprtCtrl (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.RprtCtrl.1 (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShoppingReport2.IEButton (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShoppingReport2.IEButton.1 (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.IEButton (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.IEButton.1 (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShoppingReport2.IEButtonA (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShoppingReport2.IEButtonA.1 (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.IEButtonA (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.IEButtonA.1 (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShoppingReport2.HbInfoBand (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShoppingReport2.HbInfoBand.1 (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.HbInfoBand (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.HbInfoBand.1 (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShoppingReport2.HbAx (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\ShoppingReport2.HbAx.1 (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.HbAx (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.HbAx.1 (Adware.ShoppingReport2) -> Delete on reboot.
HKCU\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\Boxore (Adware.Boxore) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\ShoppingReport2 (Adware.ShoppingReport2) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ShoppingReport2 (Adware.Hotbar) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE (Trojan.0Access) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE (Trojan.0Access) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 10
c:\Program Files (x86)\ShoppingReport2 (Adware.ShoppingReport2) -> Delete on reboot.
c:\Program Files (x86)\ShoppingReport2\Bin (Adware.ShoppingReport2) -> Delete on reboot.
c:\Program Files (x86)\ShoppingReport2\Bin\2.7.32 (Adware.ShoppingReport2) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \... (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\??? (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\???\{20c70280-6f47-5b2e-6468-a5fa93735b63} (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\???\{20c70280-6f47-5b2e-6468-a5fa93735b63}\l (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\???\{20c70280-6f47-5b2e-6468-a5fa93735b63}\u (Trojan.0Access) -> Delete on reboot.
c:\Program Files (x86)\Google\Desktop\Install\{20c70280-6f47-5b2e-6468-a5fa93735b63} (Trojan.0Access) -> Delete on reboot.

Files Detected: 5
c:\Users\Anne\AppData\Roaming\File Scout\filescout.exe (Trojan.PUP.Optional.FileScout.A) -> Delete on reboot.
c:\Users\Anne\AppData\Local\Temp\is87173921\BoxoreInstaller.exe (Adware.Boxore) -> Delete on reboot.
c:\Program Files (x86)\ShoppingReport2\Uninst.exe (Adware.ShoppingReport2) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\???\{20c70280-6f47-5b2e-6468-a5fa93735b63}\@ (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\???\{20c70280-6f47-5b2e-6468-a5fa93735b63}\googleupdate.exe (Trojan.0Access) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)


************************

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16660

Java version: 1.6.0_14

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 4148662272, free: 1090650112

Downloaded database version: v2013.08.22.07
Initializing...
------------ Kernel report ------------
08/22/2013 21:48:53
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004a8e790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004989050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004a8e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004b48040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004a8e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004a8c060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xfffffa8004989050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 508F9BBB

Partition information:

Partition 0 type is Other (0x27)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 819200
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 821248 Numsec = 487254016

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 488075264 Numsec = 488697856

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{D44FD6F0-9746-484E-B5C4-C66688393872} --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{0EB3F101-224A-4B2B-9E5B-DF720857529C} --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C} --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0EB3F101-224A-4B2B-9E5B-DF720857529C} --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C} --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D44FD6F0-9746-484E-B5C4-C66688393872} --> [Adware.ShoppingReport2]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{258C9770-1713-4021-8D7E-1F184A2BD754} --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\ShoppingReport2.RprtCtrl --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\ShoppingReport2.RprtCtrl.1 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.RprtCtrl --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.RprtCtrl.1 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} --> [Adware.Softomate]
Infected: HKLM\SOFTWARE\CLASSES\ShoppingReport2.IEButton --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\ShoppingReport2.IEButton.1 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.IEButton --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.IEButton.1 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\ShoppingReport2.IEButtonA --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\ShoppingReport2.IEButtonA.1 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.IEButtonA --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.IEButtonA.1 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\ShoppingReport2.HbInfoBand --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\ShoppingReport2.HbInfoBand.1 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.HbInfoBand --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.HbInfoBand.1 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\ShoppingReport2.HbAx --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\ShoppingReport2.HbAx.1 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.HbAx --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.HbAx.1 --> [Adware.ShoppingReport2]
Infected: c:\Users\Anne\AppData\Roaming\File Scout\filescout.exe --> [Trojan.PUP.Optional.FileScout.A]
Infected: c:\Users\Anne\AppData\Local\Temp\is87173921\BoxoreInstaller.exe --> [Adware.Boxore]
Infected: HKCU\SOFTWARE\ShoppingReport2 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\Boxore --> [Adware.Boxore]
Infected: HKLM\SOFTWARE\WOW6432NODE\ShoppingReport2 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ShoppingReport2 --> [Adware.Hotbar]
Infected: c:\Program Files (x86)\ShoppingReport2 --> [Adware.ShoppingReport2]
Infected: c:\Program Files (x86)\ShoppingReport2\Uninst.exe --> [Adware.ShoppingReport2]
Infected: c:\Program Files (x86)\ShoppingReport2\Bin --> [Adware.ShoppingReport2]
Infected: c:\Program Files (x86)\ShoppingReport2\Bin\2.7.32 --> [Adware.ShoppingReport2]
Infected: c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \... --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\??? --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\???\{20c70280-6f47-5b2e-6468-a5fa93735b63} --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\???\{20c70280-6f47-5b2e-6468-a5fa93735b63}\@ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\???\{20c70280-6f47-5b2e-6468-a5fa93735b63}\googleupdate.exe --> [Trojan.0Access]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE --> [Trojan.0Access]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\???\{20c70280-6f47-5b2e-6468-a5fa93735b63}\l --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\???\{20c70280-6f47-5b2e-6468-a5fa93735b63}\u --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{20c70280-6f47-5b2e-6468-a5fa93735b63} --> [Trojan.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 796
22 August 2013 at 23:26
Good.

Reboot if you haven't done so yet.

Run MBAR once more.
Here are the 2 new reports
Thank you


Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.23.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Anne :: ANNE-TOSH [administrator]

23/08/2013 18:14:49
mbar-log-2013-08-23 (18-14-49).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 270731
Time elapsed: 48 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \... (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\??? (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\???\{20c70280-6f47-5b2e-6468-a5fa93735b63} (Trojan.0Access) -> Delete on reboot.
c:\Program Files (x86)\Google\Desktop\Install\{20c70280-6f47-5b2e-6468-a5fa93735b63} (Trojan.0Access) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16660

Java version: 1.6.0_14

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 4148662272, free: 1090650112

Downloaded database version: v2013.08.22.07
Initializing...
------------ Kernel report ------------
08/22/2013 21:48:53
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004a8e790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004989050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004a8e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004b48040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004a8e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004a8c060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xfffffa8004989050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 508F9BBB

Partition information:

Partition 0 type is Other (0x27)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 819200
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 821248 Numsec = 487254016

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 488075264 Numsec = 488697856

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{D44FD6F0-9746-484E-B5C4-C66688393872} --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{0EB3F101-224A-4B2B-9E5B-DF720857529C} --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C} --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0EB3F101-224A-4B2B-9E5B-DF720857529C} --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C} --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D44FD6F0-9746-484E-B5C4-C66688393872} --> [Adware.ShoppingReport2]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{258C9770-1713-4021-8D7E-1F184A2BD754} --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\ShoppingReport2.RprtCtrl --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\ShoppingReport2.RprtCtrl.1 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.RprtCtrl --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.RprtCtrl.1 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} --> [Adware.Softomate]
Infected: HKLM\SOFTWARE\CLASSES\ShoppingReport2.IEButton --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\ShoppingReport2.IEButton.1 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.IEButton --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.IEButton.1 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\ShoppingReport2.IEButtonA --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\ShoppingReport2.IEButtonA.1 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.IEButtonA --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.IEButtonA.1 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\ShoppingReport2.HbInfoBand --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\ShoppingReport2.HbInfoBand.1 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.HbInfoBand --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.HbInfoBand.1 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\ShoppingReport2.HbAx --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\CLASSES\ShoppingReport2.HbAx.1 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.HbAx --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingReport2.HbAx.1 --> [Adware.ShoppingReport2]
Infected: c:\Users\Anne\AppData\Roaming\File Scout\filescout.exe --> [Trojan.PUP.Optional.FileScout.A]
Infected: c:\Users\Anne\AppData\Local\Temp\is87173921\BoxoreInstaller.exe --> [Adware.Boxore]
Infected: HKCU\SOFTWARE\ShoppingReport2 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\Boxore --> [Adware.Boxore]
Infected: HKLM\SOFTWARE\WOW6432NODE\ShoppingReport2 --> [Adware.ShoppingReport2]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ShoppingReport2 --> [Adware.Hotbar]
Infected: c:\Program Files (x86)\ShoppingReport2 --> [Adware.ShoppingReport2]
Infected: c:\Program Files (x86)\ShoppingReport2\Uninst.exe --> [Adware.ShoppingReport2]
Infected: c:\Program Files (x86)\ShoppingReport2\Bin --> [Adware.ShoppingReport2]
Infected: c:\Program Files (x86)\ShoppingReport2\Bin\2.7.32 --> [Adware.ShoppingReport2]
Infected: c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \... --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\??? --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\???\{20c70280-6f47-5b2e-6468-a5fa93735b63} --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\???\{20c70280-6f47-5b2e-6468-a5fa93735b63}\@ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\???\{20c70280-6f47-5b2e-6468-a5fa93735b63}\googleupdate.exe --> [Trojan.0Access]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE --> [Trojan.0Access]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\???\{20c70280-6f47-5b2e-6468-a5fa93735b63}\l --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\???\{20c70280-6f47-5b2e-6468-a5fa93735b63}\u --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{20c70280-6f47-5b2e-6468-a5fa93735b63} --> [Trojan.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16660

Java version: 1.6.0_14

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 4148662272, free: 2776907776

Downloaded database version: v2013.08.23.03
Initializing...
------------ Kernel report ------------
08/23/2013 18:14:44
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004b28060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004988050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004b28060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004b28b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004b28060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004b25550, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xfffffa8004988050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 508F9BBB

Partition information:

Partition 0 type is Other (0x27)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 819200
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 821248 Numsec = 487254016

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 488075264 Numsec = 488697856

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Infected: c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \... --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\??? --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{20c70280-6f47-5b2e-6468-a5fa93735b63}\ \...\???\{20c70280-6f47-5b2e-6468-a5fa93735b63} --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{20c70280-6f47-5b2e-6468-a5fa93735b63} --> [Trojan.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
0

juju666 Posts: 35446 Registered: Thursday 18 December 2008 Status: Security contributor Last activity: 21 April 2024 4 796
23 August 2013 at 19:20
Hi,

Perfect!

Now let's deal with the adware:

Download here (direct link): AdwCleaner (by Xplode)

▶ Run it

▶ Click Scan (Scanner), then Clean (Nettoyer), and wait while the cleaning runs.

▶ Post the contents of the report, which you will find in the AdwCleaner folder on your hard drive (C:\AdwCleaner\AdwCleaner[x].txt), or its contents if it opens.

Next

▶ Download here: Junkware Removal Tool

!!! Do not click Download !!! Simply wait for the download window to appear for confirmation.

▶ Save this file to the desktop.

▶ Close all your browsers

On XP, double-click the icon and press a key when prompted.
On Vista/7/8, right-click and choose Run as administrator.

▶ Note: the desktop will disappear for a moment; this is normal.

▶ Let the program work and do not touch anything.

▶ Post the report generated at the end of the scan.

Tutorial: http://hackinginterdit.blogspot.fr/2013/02/junkware-removal-tool.html

See you
0
Hello,
here is the AdwCleaner report
# AdwCleaner v3.001 - Rapport créé le 25/08/2013 à 18:58:49
# Mis à jour le 24/08/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Anne - ANNE-TOSH
# Exécuté depuis : C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JM0NT00D\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****

Service Supprimé : Browser Manager

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Kreapixel
Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\ProgramData\boost_interprocess
Dossier Supprimé : C:\ProgramData\Browser Manager
Dossier Supprimé : C:\ProgramData\Partner
Dossier Supprimé : C:\ProgramData\Tarma Installer
Dossier Supprimé : C:\ProgramData\Uniblue\DriverScanner
Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\DriverScanner
Dossier Supprimé : C:\Program Files (x86)\iMesh Applications
Dossier Supprimé : C:\Program Files (x86)\OfferBox
Dossier Supprimé : C:\Program Files (x86)\Uniblue\DriverScanner
Dossier Supprimé : C:\Program Files (x86)\Yontoo
Dossier Supprimé : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Dossier Supprimé : C:\Users\Anne\AppData\Local\freetvradio Air
Dossier Supprimé : C:\Users\Anne\AppData\Local\OpenCandy
Dossier Supprimé : C:\Users\Anne\AppData\Local\PackageAware
Dossier Supprimé : C:\Users\Anne\AppData\Local\Wajam
Dossier Supprimé : C:\Users\Anne\AppData\LocalLow\BabylonToolbar
Dossier Supprimé : C:\Users\Anne\AppData\LocalLow\Conduit
Dossier Supprimé : C:\Users\Anne\AppData\LocalLow\PriceGong
Dossier Supprimé : C:\Users\Anne\AppData\LocalLow\ShoppingReport2
Dossier Supprimé : C:\Users\Anne\AppData\LocalLow\wincoreimband
Dossier Supprimé : C:\Users\Anne\AppData\Roaming\Babylon
Dossier Supprimé : C:\Users\Anne\AppData\Roaming\dvdvideosoftiehelpers
Dossier Supprimé : C:\Users\Anne\AppData\Roaming\file scout
Dossier Supprimé : C:\Users\Anne\AppData\Roaming\FissaSearch
Dossier Supprimé : C:\Users\Anne\AppData\Roaming\freeTVRadio
Dossier Supprimé : C:\Users\Anne\AppData\Roaming\OfferBox
Dossier Supprimé : C:\Users\Anne\AppData\Roaming\Uniblue\DriverScanner
Dossier Supprimé : C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\07jtd2mb.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Dossier Supprimé : C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\07jtd2mb.default\Extensions\***@***
Dossier Supprimé : C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\07jtd2mb.default\Extensions\***@***
Dossier Supprimé : C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Fichier Supprimé : C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\07jtd2mb.default\Extensions\***@***
Fichier Supprimé : C:\Users\Public\Desktop\DriverScanner.lnk
Fichier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur OfferBox.lnk
Fichier Supprimé : C:\Users\Anne\AppData\Local\Temp\rpidity.crx
Fichier Supprimé : C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WebPlayerV2.lnk
Fichier Supprimé : C:\Users\Anne\Desktop\WebPlayerV2.lnk
Fichier Supprimé : C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\07jtd2mb.default\searchplugins\Babylon.xml
Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
Fichier Supprimé : C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\07jtd2mb.default\searchplugins\BabylonMngr.xml
Fichier Supprimé : C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\07jtd2mb.default\searchplugins\Search_Results.xml
Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
Fichier Supprimé : C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\07jtd2mb.default\bprotector_extensions.sqlite
Fichier Supprimé : C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\07jtd2mb.default\bprotector_prefs.js
Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\.autoreg
Fichier Supprimé : C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\07jtd2mb.default\user.js
Fichier Supprimé : C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Fichier Supprimé : C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Fichier Supprimé : C:\Windows\System32\Tasks\Browser Manager
Fichier Supprimé : C:\Windows\Tasks\driverscanner.job
Fichier Supprimé : C:\Windows\System32\Tasks\driverscanner

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Clé Supprimée : HKLM\SOFTWARE\Classes\Conduit.Engine
Clé Supprimée : HKLM\SOFTWARE\Classes\driverscanner
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Clé Supprimée : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Clé Supprimée : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Clé Supprimée : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\boxore_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\boxore_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\offerbox_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\offerbox_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Clé Supprimée : HKCU\Software\5eedf88e568b912
Clé Supprimée : HKLM\SOFTWARE\5eedf88e568b912
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40038D23-8356-413E-95B5-4070C5D042FF}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B41306C6-96D0-442A-BCC4-B0F621E82CE9}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Clé Supprimée : HKCU\Software\BabSolution
Clé Supprimée : HKCU\Software\BabylonToolbar
Clé Supprimée : HKCU\Software\BrowserMngr
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\DataMngr
[#] Clé Supprimée : HKCU\Software\DataMngr_Toolbar
Clé Supprimée : HKCU\Software\filescout
Clé Supprimée : HKCU\Software\FissaSearch
Clé Supprimée : HKCU\Software\freeTVRadio
Clé Supprimée : HKCU\Software\Imesh
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\Offerbox
Clé Supprimée : HKCU\Software\Spointer
Clé Supprimée : HKCU\Software\AppDataLow\Software\mediabarim
Clé Supprimée : HKCU\Software\AppDataLow\Software\PriceGong
Clé Supprimée : HKCU\Software\AppDataLow\Software\ShoppingReport2
Clé Supprimée : HKLM\Software\Babylon
Clé Supprimée : HKLM\Software\BrowserMngr
Clé Supprimée : HKLM\Software\Conduit
Clé Supprimée : HKLM\Software\DataMngr
Clé Supprimée : HKLM\Software\FissaSearch
Clé Supprimée : HKLM\Software\Offerbox
Clé Supprimée : HKLM\Software\Uniblue\DriverScanner
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77236F9C-987C-40EC-832B-5BD6181E4846}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Clé Supprimée : [x64] HKLM\SOFTWARE\DataMngr
Clé Supprimée : [x64] HKLM\SOFTWARE\Tarma Installer
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [ Navigateurs ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v12.0 (fr)

[ Fichier : C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\07jtd2mb.default\prefs.js ]

Ligne Supprimée : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=108988&tt=120912_ccp_3812_7&babsrc=HP_ss&mntrId=581aadec00000000000070f1a1787477");
Ligne Supprimée : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Ligne Supprimée : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=108988&tt=120912_ccp_3812_7&babsrc=NT_ss&mntrId=581aadec00000000000070f1a1787477");
Ligne Supprimée : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Ligne Supprimée : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=108988&tt=120912_ccp_3812_7&babsrc=HP_ss&mntrId=581aadec00000000000070f1a1787477");
Ligne Supprimée : user_pref("extensions.5094fb1dece8e.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Ligne Supprimée : user_pref("extensions.BabylonToolbar.admin", false);
Ligne Supprimée : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.babExt", "");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.babTrack", "affID=108988&tt=120912_ccp_3812_7");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.bbDpng", "23");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.cntry", "FR");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.excTlbr", false);
Ligne Supprimée : user_pref("extensions.BabylonToolbar.hdrMd5", "DE0311FA98D2EFB4C02E530A1F0E2A25");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.hmpg", false);
Ligne Supprimée : user_pref("extensions.BabylonToolbar.id", "581aadec00000000000070f1a1787477");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.instlDay", "15602");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1221:21:15");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.newTab", false);
Ligne Supprimée : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"70\",\"lastVrsn\":\"70\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.sg", "azb");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=581aadec00000000000070f1a1787477&q=");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1221:21:15");
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.babExt", "");
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108988&tt=120912_ccp_3812_7");
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.newTab", false);
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1221:21:15");
Ligne Supprimée : user_pref("extensions.enabledAddons", "***@***:1.5.0,***@***:1.20.02,{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.15,***@***:3.8.7,{972ce4c6-7e08-4474-a285-3208198c[...]
Ligne Supprimée : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\McAfee\\\\SiteAdvisor\",\"m[...]
Ligne Supprimée : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=CD0CDFF7-AC38-4A0C-951F-88E6D5EC654D&n=77ee1610&ptnrS=XPxdm253YYfr&si=CLq6srChwrICFeTLtAod3R[...]
Ligne Supprimée : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
Ligne Supprimée : user_pref("extensions.toolbar.mindspark._64Members_.installation.contextKey", "");
Ligne Supprimée : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2012091920");
Ligne Supprimée : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPxdm253YYfr");
Ligne Supprimée : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "CLq6srChwrICFeTLtAod3RkAYw");
Ligne Supprimée : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
Ligne Supprimée : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "CD0CDFF7-AC38-4A0C-951F-88E6D5EC654D");
Ligne Supprimée : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1348080862782");
Ligne Supprimée : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", false);
Ligne Supprimée : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
Ligne Supprimée : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", false);
Ligne Supprimée : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);
Ligne Supprimée : user_pref("extensions.toolbar.mindspark._64Members_.searchHistory", "juventus chelsea");
Ligne Supprimée : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "10001");
Ligne Supprimée : user_pref("extensions.toolbar.mindspark.lastInstalled", "***@***");
Ligne Supprimée : user_pref("extentions.y2layers.defaultEnableAppsList", "ezLooker,buzzdock,YontooNewOffers");
Ligne Supprimée : user_pref("extentions.y2layers.installId", "0ec48ba5-1196-40fd-bc44-d1070e8f306e");
Ligne Supprimée : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=108988&tt=120912_ccp_3812_7&babsrc=KW_ss&mntrId=581aadec00000000000070f1a1787477&q=");

-\\ Google Chrome v28.0.1500.95

[ Fichier : C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Supprimée : homepage
Supprimée : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [21246 octets] - [25/08/2013 18:58:07]
AdwCleaner[S0].txt - [20477 octets] - [25/08/2013 18:58:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20538 octets] ##########

and the one from JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Anne on 25/08/2013 at 19:08:58,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\driverscanner



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\uniblue
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2643111
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2849852



~~~ Files

Successfully deleted: [File] "C:\Users\Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\software"
Successfully deleted: [Folder] "C:\Users\Anne\appdata\local\software"
Successfully deleted: [Folder] "C:\Program Files (x86)\software"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{A4EB33FA-6F50-4F86-98E7-B1F5140AB984}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{A90C84FE-3AA5-44BE-B6E8-DF5C7C4065D2}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{AEA6A3AB-5C18-4DE8-87F7-8C1B81011E5D}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{B0A58585-FD8F-4950-88CF-1123E39E31E8}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{B1067892-B56A-400A-AD7F-ACEA9C46146C}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{B1D79044-EB98-48E2-945D-91D3C436933E}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{B2F69400-F9E2-48A2-8D8B-732572E8AFB4}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{B8FB09C3-F86D-4A8F-95A8-128BE1621FFB}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{BA00CB7D-99EC-433D-872D-A7A64BD62598}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{BD37B157-53BB-4934-9CB7-E6723D762EB8}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{BDAD5A96-3371-4C47-94A7-49801C5BAD09}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{BDEF23C4-C02B-4914-9B16-2AD3ECDE41E5}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{C0673462-2AA9-4889-8288-35C6B0657381}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{C1761423-B054-47BB-91B4-18C9F66EBB5B}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{C65A7F5D-6C49-4412-83B5-80D255B2B2A2}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{C6FFC869-DB6D-43F0-8FA7-C8F24B45B28F}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{C7BBBA80-A72D-4AF9-8C25-FE4589AF48E8}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{CAE053BB-5809-458F-87E0-62C47973C414}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{D20BCB3A-38E8-4048-BEE6-6D47B8E9AB09}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{D2CB84B9-825F-4036-9C04-491F0DC5B126}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{D370D7AA-ADE3-4E50-B124-BC3AAC68F41A}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{D572A445-DA50-4F30-B5EA-1BAB5F74B13A}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{D8F84EE0-6623-44E0-8D8D-771A671A270A}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{D94DB3E7-1EF3-4022-A67D-B3A21C77EC0B}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{DD323C69-3CE9-4390-A689-7E588CDB2E85}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{DD4E3816-6F68-4659-BE5A-5CDF75E39021}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{DF21EB3B-B96B-4DCE-9DC3-AD8009B19238}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{E1A87DA7-8E6A-4D67-8B4A-A88D9F331AD1}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{E276DFFC-EF7D-400D-BEFE-BDFB60220A46}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{E6B596A6-DCE5-41A6-86DA-65776DF6C89E}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{E72C401B-23B2-4627-A111-E6CE923328BE}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{EABB2493-319C-409C-BB2B-7E4EA7B61724}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{EB4BB000-0BB1-4839-B8D8-EB0C816C7EE1}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{EEFD6C5E-0ABF-424E-9642-AF5D3EBE76B0}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{EF1D3CA0-1DD9-47B3-8D27-D7D3D569BA40}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{F0DB9ECC-69B2-470E-97F9-E22922BB999C}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{F312FF27-1C5A-40A5-AC14-1953D982D878}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{F6EED32B-1CB8-4DB0-8B49-CBAC4FE6D890}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{FB4BBE51-049F-4E91-8CDD-BC086664FF6E}
Successfully deleted: [Empty Folder] C:\Users\Anne\appdata\local\{FD2794BD-455A-47B0-A1E0-7D7BE7474CFA}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Anne\AppData\Roaming\mozilla\firefox\profiles\07jtd2mb.default\extensions\staged
Emptied folder: C:\Users\Anne\AppData\Roaming\mozilla\firefox\profiles\07jtd2mb.default\minidumps [25 files]

~~ Chrome

Successfully deleted: [Folder] C:\Users\Anne\appdata\local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc



~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/08/2013 at 19:17:22,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Thank you very much for the help
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 796
25 August 2013 at 19:38
Hi, excellent :)

Any more problems?
0
No, no more problems, everything works very well.
Thanks again!
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 796
26 August 2013 at 11:34
Hold on, hold on, we're not finished.

Run DelFix with all the boxes ticked: https://www.commentcamarche.net/telecharger/securite/7111-delfix/

~~

Install Malwarebytes Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Run regular scans with it; it is effective.

~~

Secure your PC!

A web exploit lets your computer be infected automatically when you visit a website that has been hacked. It takes advantage of the fact that you have software (Java, Adobe Reader, etc.) that is not up to date and has vulnerabilities allowing code (malicious, in our case) to be executed without your knowledge.
Having software that is out of date and potentially vulnerable therefore makes it possible to infect your system.
Example with: Java exploit

So it is essential to keep your software up to date, so that these entry points into your system are not there.
As long as this software is not up to date, your PC is vulnerable and infections can install themselves easily.

IMPORTANT: update your programs, in particular Java/Adobe Reader and Flash:
https://www.commentcamarche.net/faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite

https://forum.malekal.com/viewtopic.php?t=15960&start=

Disable Java in your web browsers: https://www.commentcamarche.net/faq/35621-desactiver-java-sur-ses-navigateurs-web

~~

Be careful about what you install in the future:
Additional software (toolbars, adware) is offered during the installation of free software in general, or via certain download sites such as S0ft0nic.
The publisher earns money for each successful installation of these additional programs (a kind of sponsorship), and your PC ends up with toolbars that slow down the browser or adware that opens advertising pop-ups.
So when you install a program, read carefully what is being offered, because you risk installing toolbars without knowing it.

Read about PUPs/LPIs: https://www.malekal.com/adwares-pup-protection/

Spread the word to your friends!

~~

The rest on security: http://forum.malekal.com/comment-securiser-son-ordinateur.html

Happy reading, and don't forget to mark your topic as resolved :)
0
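
One way to see which of the programs named in the post above (Java, Adobe Reader, Flash) are installed and at what version, so they can be updated or removed. This is an added example, not part of the original thread; the product-name patterns are assumptions, and the script only reads the registry.

```powershell
# Added example: inventory the browser plug-in software named in the post above.
# The name patterns are assumptions; adjust them to what is actually installed.
$patterns = @{
    'Java'         = '^Java(\(TM\))? (\d|SE)'
    'Adobe Reader' = '^Adobe (Acrobat )?Reader'
    'Flash Player' = 'Flash Player'
}

# Uninstall keys: native view, 32-bit view on 64-bit Windows, per-user installs.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Keep only entries that have a display name (many uninstall keys do not).
$installed = Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName }

$report = foreach ($product in $patterns.Keys) {
    $hits = @($installed | Where-Object { $_.DisplayName -match $patterns[$product] })
    foreach ($hit in $hits) {
        New-Object PSObject -Property @{
            Product     = $product
            DisplayName = $hit.DisplayName
            Version     = $hit.DisplayVersion
            Publisher   = $hit.Publisher
            # True when several copies are installed; each one needs updating or removing.
            SideBySide  = ($hits.Count -gt 1)
        }
    }
}

if ($report) {
    $report | Sort-Object Product, Version |
        Format-Table Product, DisplayName, Version, Publisher, SideBySide -AutoSize
} else {
    'None of the listed products were found in the uninstall keys.'
}
```

Compare the versions it prints with the current releases on each vendor's site.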