martinimy

Other information

  • Your configuration
    windows vista
  • My languages
    French / English

  1. "Validated"? I clicked on delete as requested... As I said, everything seems to be working correctly. Now I am going to try to get rid of all these virus hunters that were installed; I am struggling with the "special" permissions. Any advice? Thanks!
  2. I had run Spyhunter to get rid of System Progressive Protection; apparently it worked, even though Spyhunter asked me to register when it came to deleting all the items found, which I did not do. In any case, there is no more trace of System Progressive Protection, and everything seems to be working. Here is the RogueKiller report: CJoint.com link BJduVw3fC06
  3. Hello, I had trouble carrying out the removal with OPL. I had to do the procedure several times. Here is the latest OTL removal report: CJoint.com link BJdrfzO6ySM Avira still reports TR/ATRAPS.Gen2, which I have quarantined; we will see whether that is useful. Since today, my computer has a new unwanted guest: System Progressive Protection 3.7.6, which keeps throwing pop-ups at me and blocks access to the Task Manager. How do I remove it? Myriam
  4. I forgot the 2nd OTL report, here it is: 4 CJoint.com link BJcu3NXPBp3
  5. Good evening, I followed all the steps; here are the reports: 1 CJoint.com link BJcuRoilq6E 2 CJoint.com link BJcuRWY5g2a 3 CJoint.com link BJcuPUw1FtL Thanks for your help! Marti
  6. Hello, I am looking for help using ComboFix. I ran the program to get rid of TR/ATRAPS.Gen and TR/ATRAPS.Gen2, which Avira had kept trying to quarantine, without success, for a few days. Does anyone know how to read this report and tell me whether I need to do anything else before deleting ComboFix? Thanks in advance! Marti

     Here is the ComboFix report:

     ComboFix 12-10-02.02 - martinimy 02/10/2012 12:20:44.1.2 - x86
     Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1690 [GMT 2:00]
     Lancé depuis: c:\users\martinimy\Desktop\Myriam.exe
     AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
     SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\$recycle.bin\S-1-5-21-3143209982-1447486212-255070690-1000\$ed6873ef207e5a887d6491bf17471872\@
     c:\$recycle.bin\S-1-5-21-3143209982-1447486212-255070690-1000\$ed6873ef207e5a887d6491bf17471872\n
     c:\$recycle.bin\S-1-5-21-3143209982-1447486212-255070690-1000\$ed6873ef207e5a887d6491bf17471872\U\00000004.@
     c:\$recycle.bin\S-1-5-21-3143209982-1447486212-255070690-1000\$ed6873ef207e5a887d6491bf17471872\U\00000008.@
     c:\$recycle.bin\S-1-5-21-3143209982-1447486212-255070690-1000\$ed6873ef207e5a887d6491bf17471872\U\000000cb.@
     c:\$recycle.bin\S-1-5-21-3143209982-1447486212-255070690-1000\$ed6873ef207e5a887d6491bf17471872\U\80000000.@
     c:\$recycle.bin\S-1-5-21-3143209982-1447486212-255070690-1000\$ed6873ef207e5a887d6491bf17471872\U\80000032.@
     c:\program files\OfferBox
     c:\program files\OfferBox\[email protected]\components\OfferBoxXpCom.dll
     c:\users\Default\AppData\Roaming\SogouExplorer
     c:\users\Default\AppData\Roaming\SogouExplorer\Bin\flash_wk.dll
     c:\users\Default\AppData\Roaming\SogouExplorer\Bin\malurl.dat
c:\users\martinimy\AppData\Roaming\SogouExplorer\Webkit\Cache2\index c:\users\martinimy\AppData\Roaming\SogouExplorer\Webkit\Cookies c:\users\martinimy\AppData\Roaming\SogouExplorer\Webkit\Patches c:\users\martinimy\AppData\Roaming\SogouExplorer\Webkit\VisitedLinks c:\windows\msvcr71.dll . . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Boonty Games . . ((((((((((((((((((((((((((((( Fichiers créés du 2012-09-02 au 2012-10-02 )))))))))))))))))))))))))))))))))))) . . 2012-10-02 10:28 . 2012-10-02 10:30 -------- d-----w- c:\users\martinimy\AppData\Local\temp 2012-10-02 07:00 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB05423F-F77C-4C11-B884-99EB4A1EAD89}\mpengine.dll 2012-10-02 06:53 . 2012-10-02 06:53 -------- d-----w- c:\programdata\Lingoes 2012-10-02 06:53 . 2012-10-02 06:53 -------- d-----w- c:\users\martinimy\AppData\Local\Lingoes 2012-10-01 07:18 . 2012-10-01 07:18 -------- d-----w- c:\users\martinimy\AppData\Roaming\Lingoes 2012-09-15 16:24 . 2012-08-21 11:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-09-15 16:23 . 2012-09-15 16:23 -------- d-----w- c:\program files\iPod 2012-09-15 16:23 . 2012-09-15 16:24 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-09-15 16:23 . 2012-09-15 16:24 -------- d-----w- c:\program files\iTunes 2012-09-09 06:59 . 2012-09-09 06:59 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-02 10:30 . 2011-03-08 15:04 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-09-21 13:09 . 2012-04-10 11:49 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-21 13:09 . 2011-05-27 06:07 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-31 10:05 . 
2012-01-05 17:50 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-08-31 10:05 . 2012-01-05 17:50 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-08-28 18:24 . 2012-05-22 06:40 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-08-28 18:24 . 2011-10-31 09:38 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-21 11:01 . 2011-11-30 21:45 106928 ----a-w- c:\windows\system32\GEARAspi.dll 2012-07-09 11:42 . 2012-07-09 11:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-07-09 11:42 . 2012-07-09 11:42 44032 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2012-07-04 14:02 . 2012-09-01 04:58 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-09-09 06:59 . 2011-05-11 07:14 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] 2011-06-10 06:24 165256 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-05-04 13:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2011-08-24 17:21 1299248 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] "Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2011-06-10 959880] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Lingoes"="c:\program files\Lingoes\Translator2\Lingoes.exe" [2011-10-31 2375680] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936] "P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744] "HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304] "ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 497024] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-24 7289376] "AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-04-03 237568] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-17 3054136] "ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2008-10-01 851968] "Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184] "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-24 1833504] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-31 348664] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-05-04 1561768] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776] . c:\users\martinimy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 752168] FancyStart daemon.lnk - c:\windows\Installer\{A9FEB6D7-9C52-49FC-B956-7AB275B78890}\_5598CE641C54B66A23693F.exe [2009-7-17 12862] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] . . --- Autres Services/Pilotes en mémoire --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contenu du dossier 'Tâches planifiées' . 2012-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 13:09] . 2012-10-02 c:\windows\Tasks\Epson Printer Software Downloader.job - c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43] . 2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-31 12:55] . 2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-31 12:55] . . ------- Examen supplémentaire ------- . 
uStart Page = hxxp://123.sogou.com/goto?v=Af81002 mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\martinimy\AppData\Roaming\Mozilla\Firefox\Profiles\cyy8uxvq.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q= FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q= . - - - - ORPHELINS SUPPRIMES - - - - . URLSearchHooks-{338c5d66-6b92-40a7-a216-9830d2e54103} - (no file) HKLM-Run-DisableS3S4 - c:\DisableS3S4.cmd . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-10-02 12:32 Windows 6.0.6002 Service Pack 2 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run Sidebar = c:\program files\Windows Sidebar\sidebar.exe /autoRun?????????????????????????????????????????????????x?????????????????l?%Program . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: 0 . ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_USERS\S-1-5-21-3143209982-1447486212-255070690-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . 
[HKEY_USERS\S-1-5-21-3143209982-1447486212-255070690-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(4292)
c:\windows\system32\btmmhook.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ASUS\SmartLogon\smartlogon.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\System32\lpksetup.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Epson Software\Event Manager\EEventManager.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
.
**************************************************************************
.
Heure de fin: 2012-10-02 12:36:14 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-10-02 10:36
.
Avant-CF: 176 130 215 936 octets libres
Après-CF: 176 352 329 728 octets libres
.
- - End Of File - - 5E525FB650E8B2BFD30D22C98E2E86ED