Thanks!
Here are my reports:
For Malwarebytes:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 5907
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
28/02/2011 23:56:14
mbam-log-2011-02-28 (23-56-14).txt
Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|L:\|)
Elément(s) analysé(s): 234325
Temps écoulé: 2 heure(s), 15 minute(s), 4 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 29
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\93EB9FD3EA40F221E990E3E71343E6D47D3FA0C0 (Trojan.BHO) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\documents and settings\dominique\mes documents\Perso\Amusants\Viagra.exe (Joke.VV) -> Quarantined and deleted successfully.
c:\documents and settings\dominique\mes documents\téléchargements\VLCSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\application updater\applicationupdater.exe.vir (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\pdfforge toolbar\searchsettings.dll.vir (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\pdfforge toolbar\searchsettings.exe.vir (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\pdfforge toolbar\searchsettingsres409.dll.vir (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\pdfforge toolbar\widgihelper.exe.vir (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\pdfforge toolbar\IE\1.1.2\pdfforgetoolbarie.dll.vir (PUP.Dealio) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP578\A0068741.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP578\A0068742.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP578\A0068743.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP578\A0068744.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP578\A0068745.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP578\A0068746.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP578\A0068747.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP578\A0068748.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP578\A0068749.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP578\A0068750.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP579\A0069100.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP579\A0069101.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP579\A0069102.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP579\A0069103.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP579\A0069104.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP630\A0077467.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP630\A0077473.dll (PUP.Dealio) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP630\A0077474.dll (PUP.Dealio) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP630\A0077475.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP630\A0077476.dll (PUP.Dealio) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4c3b4a2c-ed95-4bf0-890c-0724d1b9832d}\RP630\A0077481.exe (PUP.Dealio) -> Quarantined and deleted successfully.
For Ad-Remover:
======= RAPPORT D'AD-REMOVER 2.0.0.2,F | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 26/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 21:13:38 le 28/02/2011, Mode normal
Microsoft Windows XP Professionnel Service Pack 3 (X86)
Dominique@PC-DE-PIOT ( )
============== ACTION(S) ==============
Service: "Application Updater" Stoppé et supprimé
Fichier supprimé: C:\Program Files\Mozilla FireFox\extensions\pdfforge@mybrowserbar.com
Fichier supprimé: C:\Program Files\Mozilla Firefox\extensions\searchsettings@spigot.com
Dossier supprimé: C:\Program Files\Application Updater
Dossier supprimé: C:\Program Files\ClickPotatoLite
Dossier supprimé: C:\Documents and Settings\Dominique\Application Data\Hotbar
Dossier supprimé: C:\Documents and Settings\Dominique\Application Data\pdfforge
Dossier supprimé: C:\Program Files\pdfforge Toolbar
Dossier supprimé: C:\Documents and Settings\Dominique\Application Data\Search Settings
(!) -- Fichiers temporaires supprimés.
Clé supprimée: HKLM\Software\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}
Clé supprimée: HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Clé supprimée: HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Clé supprimée: HKLM\Software\Application Updater
Clé supprimée: HKLM\Software\ClickPotatoLite
Clé supprimée: HKLM\Software\Hotbar
Clé supprimée: HKLM\Software\pdfforge
Clé supprimée: HKLM\Software\Search Settings
Clé supprimée: HKCU\Software\Hotbar
Clé supprimée: HKCU\Software\pdfforge
Clé supprimée: HKCU\Software\Search Settings
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Hotbar
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\WhenU
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\WhenUSearch
Clé supprimée: HKLM\Software\Classes\Installer\Products\3D7B197543B881247905A6E8540DDA23
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\3D7B197543B881247905A6E8540DDA23
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5791B7D3-8B34-4218-9750-6A8E45D0AD32}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{B922D405-6D13-4A2B-AE89-08A030DA4402}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}
============== SCAN ADDITIONNEL ==============
**** Mozilla Firefox Version [3.6.13 (fr)] ****
-- C:\Documents and Settings\Dominique\Application Data\Mozilla\FireFox\Profiles\hmg6a6uj.default --
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Dominique\\Mes documents\\Nouveau dossier\\Nouveau dossier
Prefs.js - browser.startup.homepage, hxxp://fr.msn.com/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13
========================================
**** Google Chrome Version [9.0.597.98] ****
-- C:\Documents and Settings\Dominique\Local Settings\Application Data\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Activé: true) (?)
Preferences - homepage: hxxp://fr.news.yahoo.com/
Preferences - homepage_is_newtabpage: false
Plugin - Hotbar Firefox Plugin (Activé: true) (C:\Program Files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll) (x)
Plugin - "Picasa" (Activé: true)
Plugin - "Hotbar Firefox Plugin" (Activé: true)
========================================
**** Internet Explorer Version [8.0.6001.18702] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "Create Mobile Favorite" (C:\PROGRA~1\MICROS~3\INetRepl.dll,210)
HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{222B8372-1556-430c-BB5E-0AFF73775229} - "sarpbho Class" (C:\WINDOWS\system32\SARP32.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
========================================
C:\Program Files\Ad-Remover\Quarantine: 84 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 13 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 28/02/2011 21:15:54 (4852 Octet(s))
Fin à: 21:17:55, 28/02/2011
============== E.O.F ==============
Thank you for your help.
Regards,
Dompiot