clé USB infectée – documents transformés en raccourci 2014-09-23T14:27:17+00:00

Dépannage Informatique : clé USB infectée – documents transformés en raccourci

  • Auteur
    Messages
  • Clarisse
    Participant
    Nombre d'articles : 8

    Bonjour

    j’ai une clé USB qui a été infectée d’un virus qui transforme tous les documents en raccourci.
    Que puis-je faire svp?
    Merci beaucoup

  • Clarisse
    Participant
    Nombre d'articles : 8

    En lisant d’autres sujets sur le site, j’ai trouvé une procédure à suivre… via USBfix…
    Je laisse donc le rapport ainsi édité de ma clé…
    Merci pour votre aide

    ############################## | UsbFix V 7.182 | [Nettoyage]

    Utilisateur: diabolikk2k2 (Administrateur) # DIABOLIKK2K2-PC
    Mis à jour le 14/09/2014 par El Desaparecido – SosVirus
    Lancé à 16:29:53 | 23/09/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/aide-nettoyage-pc/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Détection en Live : http://comment-supprimer.fr/
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    MB: SAMSUNG ELECTRONICS CO., LTD. (SF311/SF411/SF511)
    CPU: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
    RAM -> [Total : 4007 Mo | Free : 1523 Mo]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428
    WB: Mozilla Firefox : 32.0.2

    ################## | Security Information |

    AV: Norton Internet Security [Actif |A jour]
    AS: Windows Defender [(!) Désactivé |(!) Non à jour]
    AS: Norton Internet Security [Actif |A jour]
    FW: Norton Internet Security [Actif]
    FW: Windows Firewall [Actif]
    SC: Security Center [Actif]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Disque fixe # 141 Go (42 Go libre(s) – 30%) [] # NTFS
    D: -> Disque fixe # 134 Go (106 Go libre(s) – 79%) [] # NTFS
    G: -> Disque amovible # 2 Go (421 Mo libre(s) – 22%) [] # FAT

    ################## | Recherche générique |

    Supprimé! G:vademecum.lnk
    Supprimé! G:les_fondamentaux_dans_la_démarche_projet_-_Copie.pptx.lnk
    Supprimé! G:Sans_nom_1.odt.lnk
    Supprimé! G:FSD.lnk
    Supprimé! G:Hygiène_et_sécurité.lnk
    Supprimé! G:MJIE.lnk
    Supprimé! G:circulaires_ressort_territorial_politiques_publiques.lnk
    Supprimé! G:fichevoeux2013.xls.lnk
    Supprimé! G:atelier_séminaire.lnk
    Supprimé! G:DU.lnk
    Supprimé! G:LETTRES_DES_CADRES.lnk
    Supprimé! G:rapport_d’activité_mai_à_août_2014.doc.lnk
    Supprimé! G:Copie_de_2014_220914_TABLEAU_ASTREINTES_PLACEMENT_3ème_semestre_2014__version_7.xls.lnk
    Supprimé! G:Photos_Clarisse.lnk
    Supprimé! G:secrétariat.lnk
    Supprimé! G:doc_passée_en_revue.lnk
    Supprimé! G:circulaires,_cahiers_des_charges.lnk
    Supprimé! G:rue.lnk
    Supprimé! G:jo.lnk
    Supprimé! G:Note_4545_du_30.07.2012_(1).pdf.lnk
    Supprimé! G:mémoire_Samia.pdf.lnk
    Supprimé! G:réunion_de_service.lnk
    Supprimé! G:listes_stagiaires_2012-2014.lnk
    Supprimé! G:cours_rapport_d’activité.lnk
    Supprimé! G:MES_DOCUMENTS.lnk
    Supprimé! G:cours_droit_public.lnk
    Supprimé! G:Faire-part_de_naissance_personnalisés,_faire-part_fpc.url.lnk
    Supprimé! G:douai.lnk
    Supprimé! G:ftaccserv0713[1].pdf.lnk
    Supprimé! G:grhcparent[1].pdf.lnk
    Supprimé! G:grhcmpa[1].pdf.lnk
    Supprimé! G:grhtp[1].pdf.lnk
    Supprimé! G:Promotion_Alexis_DananNB1_1000.jpg.lnk
    Supprimé! G:grhca[1].pdf.lnk
    Supprimé! G:demande_de_contractuel_UEMO_Valenciennes.doc.lnk

    (!) Fichiers temporaires supprimés. (14.2172765731812 MB)

    ################## | Registre |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] userinit.exe
    F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKLM..Run : [APSDaemon] “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLM..Run : [iTunesHelper] “C:Program Files (x86)iTunesiTunesHelper.exe”
    04 – [x64] HKLM..Run : [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe -s
    04 – [x64] HKLM..Run : [SynTPEnh] %ProgramFiles%SynapticsSynTPSynTPEnh.exe
    04 – [x64] HKLM..Run : [IntelliPoint] “C:Program FilesMicrosoft IntelliPointipoint.exe”
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | UsbFix – Information |

    Info : Comment supprimer l’infection des raccourcis sur USB ? (Video)
    Info : L’infection des raccourcis USB, c’est quoi ?

    ################## | Hijack |

    Restauré! [D] G:vademecum
    Restauré! [N] G:les_fondamentaux_dans_la_démarche_projet_-_Copie.pptx
    Restauré! [N] G:Sans_nom_1.odt
    Restauré! [D] G:FSD
    Restauré! [D] G:Hygiène_et_sécurité
    Restauré! [D] G:MJIE
    Restauré! [D] G:circulaires_ressort_territorial_politiques_publiques
    Restauré! [N] G:fichevoeux2013.xls
    Restauré! [D] G:atelier_séminaire
    Restauré! [D] G:DU
    Restauré! [D] G:LETTRES_DES_CADRES
    Restauré! [N] G:rapport_d’activité_mai_à_août_2014.doc
    Restauré! [N] G:Copie_de_2014_220914_TABLEAU_ASTREINTES_PLACEMENT_3ème_semestre_2014__version_7.xls
    Restauré! [D] G:Photos_Clarisse
    Restauré! [D] G:secrétariat
    Restauré! [D] G:doc_passée_en_revue
    Restauré! [D] G:circulaires,_cahiers_des_charges
    Restauré! [D] G:rue
    Restauré! [D] G:jo
    Restauré! [N] G:Note_4545_du_30.07.2012_(1).pdf
    Restauré! [N] G:mémoire_Samia.pdf
    Restauré! [D] G:réunion_de_service
    Restauré! [D] G:listes_stagiaires_2012-2014
    Restauré! [D] G:cours_rapport_d’activité
    Restauré! [D] G:MES_DOCUMENTS
    Restauré! [D] G:cours_droit_public
    Restauré! [N] G:Faire-part_de_naissance_personnalisés,_faire-part_fpc.url
    Restauré! [N] G:ftaccserv0713[1].pdf
    Restauré! [N] G:Promotion_Alexis_DananNB1_1000.jpg
    Restauré! [N] G:grhcparent[1].pdf
    Restauré! [N] G:grhcmpa[1].pdf
    Restauré! [N] G:grhtp[1].pdf
    Restauré! [N] G:grhca[1].pdf
    Restauré! [N] G:demande_de_contractuel_UEMO_Valenciennes.doc
    Restauré! [D] G:douai

    ################## | C: %SystemDrive% – Disque Fixe (NTFS) |

    [23/09/2014 – 15:25:58 | ASH | 4103288 Ko] – C:hiberfil.sys
    [23/09/2014 – 15:26:04 | ASH | 4103288 Ko] – C:pagefile.sys
    [11/09/2014 – 02:49:31 | D] – C:Config.Msi
    [16/07/2011 – 01:41:30 | A | 2 Ko] – C:RHDSetup.log
    [15/04/2012 – 22:15:41 | A | 0 Ko] – C:setup.log
    [18/12/2012 – 19:51:08 | A | 2 Ko] – C:photodex-presenter-install.log
    [23/09/2013 – 18:12:12 | SHD] – C:$Recycle.Bin
    [14/07/2009 – 05:20:08 | D] – C:PerfLogs
    [14/07/2009 – 07:08:56 | SHD] – C:Documents and Settings
    [16/07/2011 – 01:38:31 | D] – C:Intel
    [16/04/2012 – 04:01:05 | SHD] – C:Recovery
    [16/04/2012 – 04:02:49 | RD] – C:Users
    [11/05/2012 – 15:56:58 | RHD] – C:MSOCache
    [04/08/2013 – 20:37:53 | RD] – C:Program Files
    [19/09/2014 – 00:38:10 | D] – C:Program Files (x86)
    [23/09/2014 – 15:25:51 | SHD] – C:System Volume Information
    [23/09/2014 – 15:26:14 | D] – C:Windows
    [23/09/2014 – 15:56:19 | HD] – C:ProgramData
    [23/09/2014 – 16:16:55 | D] – C:UsbFix

    ################## | D: – Disque Fixe (NTFS) |

    [15/04/2012 – 22:17:56 | SHD] – D:$RECYCLE.BIN
    [21/04/2012 – 02:18:03 | D] – D:SamsungRecovery
    [21/04/2012 – 02:27:33 | D] – D:SystemSoftware
    [19/11/2012 – 23:41:18 | D] – D:enpjj
    [28/02/2014 – 01:36:41 | D] – D:31fda6451d561c832104
    [23/09/2014 – 15:25:57 | SHD] – D:System Volume Information

    ################## | G: – Disque USB (FAT) |

    [29/03/2013 – 17:20:36 | N | 439 Ko] – G:fichevoeux2013.xls
    [22/09/2014 – 10:25:12 | N | 56 Ko] – G:Copie_de_2014_220914_TABLEAU_ASTREINTES_PLACEMENT_3ème_semestre_2014__version_7.xls
    [08/07/2013 – 10:36:52 | N | 0 Ko] – G:Faire-part_de_naissance_personnalisés,_faire-part_fpc.url
    [09/10/2012 – 01:34:38 | N | 243 Ko] – G:les_fondamentaux_dans_la_démarche_projet_-_Copie.pptx
    [14/06/2012 – 12:19:02 | N | 969 Ko] – G:mémoire_Samia.pdf
    [31/07/2012 – 17:06:32 | N | 357 Ko] – G:Note_4545_du_30.07.2012_(1).pdf
    [15/07/2013 – 16:35:46 | N | 49 Ko] – G:ftaccserv0713[1].pdf
    [16/07/2013 – 08:53:08 | N | 346 Ko] – G:grhcmpa[1].pdf
    [16/07/2013 – 08:55:46 | N | 352 Ko] – G:grhtp[1].pdf
    [16/07/2013 – 10:26:28 | N | 164 Ko] – G:grhcparent[1].pdf
    [16/07/2013 – 10:27:32 | N | 140 Ko] – G:grhca[1].pdf
    [28/05/2014 – 17:33:46 | N | 16 Ko] – G:Sans_nom_1.odt
    [15/07/2013 – 16:42:12 | N | 824 Ko] – G:Promotion_Alexis_DananNB1_1000.jpg
    [15/09/2014 – 17:36:14 | N | 103 Ko] – G:rapport_d’activité_mai_à_août_2014.doc
    [22/09/2014 – 15:46:14 | N | 88 Ko] – G:demande_de_contractuel_UEMO_Valenciennes.doc
    [15/07/2013 – 16:02:38 | D] – G:FSD
    [15/07/2013 – 16:02:42 | D] – G:Hygiène_et_sécurité
    [15/07/2013 – 16:02:46 | D] – G:MJIE
    [15/07/2013 – 16:03:00 | D] – G:circulaires_ressort_territorial_politiques_publiques
    [15/07/2013 – 16:03:26 | D] – G:atelier_séminaire
    [15/07/2013 – 16:03:42 | D] – G:DU
    [15/07/2013 – 16:03:48 | D] – G:LETTRES_DES_CADRES
    [15/07/2013 – 16:05:58 | D] – G:Photos_Clarisse
    [15/07/2013 – 16:06:24 | D] – G:secrétariat
    [15/07/2013 – 16:07:24 | D] – G:doc_passée_en_revue
    [15/07/2013 – 16:07:54 | D] – G:circulaires,_cahiers_des_charges
    [15/07/2013 – 16:09:22 | D] – G:rue
    [15/07/2013 – 16:11:52 | D] – G:jo
    [15/07/2013 – 16:12:04 | D] – G:réunion_de_service
    [15/07/2013 – 16:12:08 | D] – G:listes_stagiaires_2012-2014
    [15/07/2013 – 16:12:12 | D] – G:cours_rapport_d’activité
    [15/07/2013 – 16:12:48 | D] – G:MES_DOCUMENTS
    [15/07/2013 – 16:24:10 | D] – G:cours_droit_public
    [10/03/2014 – 18:24:40 | D] – G:douai
    [28/05/2014 – 17:20:52 | D] – G:vademecum

    ################## | Vaccin |

    C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |

  • g3n-h@ckm@n
    Admin bbPress
    Nombre d'articles : 8418

    bonjour tous tes supports usb étaient connectés pour le nettoyage avec usbfix ?

  • Clarisse
    Participant
    Nombre d'articles : 8

    oui

  • g3n-h@ckm@n
    Admin bbPress
    Nombre d'articles : 8418

    ok alors ca doit être bon de ce coté là

    on fait un diag

    • Copie le script ci dessous :
      HKCUSoftware
      HKCUSoftwareAppDataLow /s
      HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer /s
      HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /s
      HKLMSoftware
      HKCUSoftwareMicrosoftCommand Processor /s
      HKLMSoftwareMicrosoftCommand Processor /s
      HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer /s
      HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /s
      HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerRunMRU /s
      HKLMSystemCurrentControlSetControlSession ManagerAppcertDlls /s
      %Homedrive%*
      %Homedrive%*.
      %Homedrive%Recycler*.exe /s
      %Homedrive%Recycler*.scr /s
      %Homedrive%Recycler*.pif /s
      %Homedrive%Recycler*.vb* /s
      %Homedrive%$Recycle.bin*.exe /s
      %Homedrive%$Recycle.bin*.scr /s
      %Homedrive%$Recycle.bin*.pif /s
      %Homedrive%$Recycle.bin*.vb* /s
      %Userprofile%*
      %Userprofile%*.
      %Allusersprofile%*
      %Allusersprofile%*.
      %LocalAppData%*
      %LocalAppData%*.
      %Userprofile%Local Settings*
      %Userprofile%Local Settings*.
      %Userprofile%Local SettingsApplication Data*
      %Userprofile%Local SettingsApplication Data*.
      %Userprofile%AppDataLocalGoogleChromeUser DataDefaultPepper DataShockwave FlashWritableRoot#SharedObjects*
      %Userprofile%AppDataLocalGoogleChromeUser DataDefaultPepper DataShockwave FlashWritableRoot#SharedObjects*.
      %Userprofile%Local SettingsApplication DataGoogleChromeUser DataDefaultPepper DataShockwave FlashWritableRoot#SharedObjects*
      %Userprofile%Local SettingsApplication DataGoogleChromeUser DataDefaultPepper DataShockwave FlashWritableRoot#SharedObjects*.
      %programFiles%*
      %programFiles%*.
      %programfiles%GoogleDesktop*.
      %ProgramFiles%Common Files*.
      %ProgramFiles(X86)%Common Files*.
      %Systemroot%Installer*.
      %Systemroot%Temp*.exe /s
      %systemroot%system32*.dll /lockedfiles
      %systemroot%system32*.exe /lockedfiles
      %systemroot%system32*.in*
      %systemroot%PSS* /s
      %systemroot%Tasks*
      %systemroot%Tasks*.
      %systemroot%system32Tasks*
      %systemroot%system32Tasks*.
      %systemroot%syswow64Tasks*
      %systemroot%syswow64Tasks*.
      %systemroot%system32drivers*.sy* /lockedfiles
      %systemroot%system32config*.exe /s
      %Systemroot%ServiceProfiles*.exe /s
      %systemroot%system32*.sys
      dir %Homedrive%* /S /A:L /C
      msconfig
      activex
      /md5start
      explorer.exe
      winlogon.exe
      wininit.exe
      volsnap.sys
      atapi.sys
      ndis.sys
      cdrom.sys
      i8042prt.sys
      iastor.sys
      tdx.sys
      netbt.sys
      afd.sys
      /md5stop
      netsvcs
      safebootminimal
      safebootnetwork
      CREATERESTOREPOINT

    • Télécharge OTL (by OldTimer) sur ton bureau.
    • Lance OTL, exécuter en tant qu’administrateur sous Windows : 7/8 et Vista

    • Coche/Sélectionne les cases comme l’image ci dessous

    • Colle le Script copié plus haut dans la partie inférieure d’OTL “Personnalisation”
    • Clique sur Analyse

    • Une fois le scan terminé 1 ou 2 rapports vont s’ouvrir OTL.txt et Extras.txt.
    • Héberge les rapports OTL.txt et Extras.txt sur SosUpload, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum

      Aide : Comment héberger un fichier sur SOSUpload ?

      Note : Au cas où, tu peux les retrouver dans le dossier C:OTL ou sur ton bureau en fonction des cas rencontrés

      En cas de problème avec SOSUpload, utiliser Cjoint

  • Clarisse
    Participant
    Nombre d'articles : 8

    https://antimalware.top/www/?a=d&i=cvey78pLbS” onclick=”window.open(this.href);return false;

  • Clarisse
    Participant
    Nombre d'articles : 8

    https://antimalware.top/www/?a=d&i=gjTfxQbFKH” onclick=”window.open(this.href);return false;

  • Clarisse
    Participant
    Nombre d'articles : 8

    MERCI

  • g3n-h@ckm@n
    Admin bbPress
    Nombre d'articles : 8418

    re

    machine pleine d’adwares 🙂

    • Désactive ton antivirus le temps du téléchargement et de l’utilisation.
    • Télécharge AdsFix sur ton bureau.
      Note : Enregistrer votre travail avant de continuer !
    • Lance AdsFix
    • Pour un pc assez infecté , il peut mettre plusieurs secondes à se charger
    • Inscrit ton pays
    • Clique sur Nettoyer , après l’avoir débloqué dans les options

      Note : Patiente le temps du scan
    • Laisse travailler l’outil même s’il te parait bloqué
    • Si l’outil détecte un proxy que tu ne connais pas clic sur : “Supprimer le proxy
    • Héberge le rapport C:AdsFix_date_heure.txt sur SOSUpload puis donne le lien obtenu.

    Aide:

  • Clarisse
    Participant
    Nombre d'articles : 8

    https://antimalware.top/www/?a=d&i=USthQngwE0” onclick=”window.open(this.href);return false;

  • g3n-h@ckm@n
    Admin bbPress
    Nombre d'articles : 8418

    re

    on passe un généraliste , ensuite on refera un diag et si c’est propre , on plie avec un bon menage 🙂

    ===

    • Télécharge MalwareBytes
    • Procède à l’installation de celui çi Décocher “Activer l’essai gratuit de Malwarebytes Anti-Malware Premium”

    • Clic sur Mettre à jour (à droite, au centre)

    • Clic sur Examen (en haut)
    • Sélectionne Examen “Menaces”
    • Clic sur Examiner maintenant

    • A la fin du scan clic sur Tout mettre en quarantaine !
    • Clic sur Copier dans le Presse-papiers
    • Un rapport va s’ouvrir. Copie/Colle son contenue dans ta prochaine réponse.
  • Clarisse
    Participant
    Nombre d'articles : 8

    Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Scan Date: 28/09/2014
    Scan Time: 20:00:34
    Logfile: XX.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.09.28.07
    Rootkit Database: v2014.09.19.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: diabolikk2k2

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 357767
    Time Elapsed: 19 min, 37 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 1
    PUP.Optional.MultiPlug.A, C:ProgramDataSearchNewTab51901476e7b5d.dll, Delete-on-Reboot, [1fe8559e64173afc2e738c8c9c6512ee],

    Registry Keys: 25
    PUP.Optional.MultiPlug.A, HKLMSOFTWAREWOW6432NODECLASSESCLSID{6C7659BA-6304-E192-87F7-6BC2F4411DE3}, Quarantined, [1fe8559e64173afc2e738c8c9c6512ee],
    PUP.Optional.MultiPlug.A, HKLMSOFTWAREWOW6432NODEMICROSOFTWINDOWSCURRENTVERSIONEXPLORERBROWSER HELPER OBJECTS{6C7659BA-6304-E192-87F7-6BC2F4411DE3}, Quarantined, [1fe8559e64173afc2e738c8c9c6512ee],
    PUP.Optional.MultiPlug.A, HKUS-1-5-21-478711191-1416624994-1632020750-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREMICROSOFTWINDOWSCURRENTVERSIONEXTSETTINGS{6C7659BA-6304-E192-87F7-6BC2F4411DE3}, Quarantined, [1fe8559e64173afc2e738c8c9c6512ee],
    PUP.Optional.MultiPlug.A, HKUS-1-5-21-478711191-1416624994-1632020750-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREMICROSOFTWINDOWSCURRENTVERSIONEXTSTATS{6C7659BA-6304-E192-87F7-6BC2F4411DE3}, Quarantined, [1fe8559e64173afc2e738c8c9c6512ee],
    PUP.Optional.Wajam.A, HKLMSOFTWARECLASSESAPPID{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [749329ca08730036566dd2f837cb8779],
    PUP.Optional.Wajam.A, HKLMSOFTWAREWOW6432NODECLASSESAPPID{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [749329ca08730036566dd2f837cb8779],
    PUP.Optional.MySearchDial.A, HKLMSOFTWAREWOW6432NODECLASSESCLSID{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, Quarantined, [25e226cd7506191d43b304c5ef13d12f],
    PUP.Optional.MySearchDial.A, HKLMSOFTWARECLASSESTYPELIB{C292AD0A-C11F-479B-B8DB-743E72D283B0}, Quarantined, [25e226cd7506191d43b304c5ef13d12f],
    PUP.Optional.MySearchDial.A, HKLMSOFTWAREWOW6432NODECLASSESTYPELIB{C292AD0A-C11F-479B-B8DB-743E72D283B0}, Quarantined, [25e226cd7506191d43b304c5ef13d12f],
    PUP.Optional.MySearchDial.A, HKLMSOFTWARECLASSESesrv.mysearchdialESrvc.1, Quarantined, [25e226cd7506191d43b304c5ef13d12f],
    PUP.Optional.MySearchDial.A, HKLMSOFTWARECLASSESesrv.mysearchdialESrvc, Quarantined, [25e226cd7506191d43b304c5ef13d12f],
    PUP.Optional.MySearchDial.A, HKLMSOFTWAREWOW6432NODECLASSESesrv.mysearchdialESrvc, Quarantined, [25e226cd7506191d43b304c5ef13d12f],
    PUP.Optional.MySearchDial.A, HKLMSOFTWAREWOW6432NODECLASSESesrv.mysearchdialESrvc.1, Quarantined, [25e226cd7506191d43b304c5ef13d12f],
    PUP.Optional.MySearchDial.A, HKUS-1-5-21-478711191-1416624994-1632020750-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREMICROSOFTINTERNET EXPLORERSEARCHSCOPES{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [1aed1ed50279a393307c444cbb478a76],
    PUP.Optional.MySearchDial.A, HKLMSOFTWAREMICROSOFTINTERNET EXPLORERSEARCHSCOPES{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [1aed1ed50279a393307c444cbb478a76],
    PUP.Optional.SilentInstall.A, HKLMSOFTWAREWOW6432NODEMICROSOFTWINDOWSCURRENTVERSIONUNINSTALL{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}, Quarantined, [0ef9faf9324977bfa91e9f7b35cc4ab6],
    PUP.Optional.FastSearchings, HKLMSOFTWAREWOW6432NODEMICROSOFTINTERNET EXPLORERSEARCHSCOPES{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [de2992618af113230b74e990d3319d63],
    PUP.Optional.MySearchDial.A, HKUS-1-5-21-478711191-1416624994-1632020750-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREmysearchdial.com, Quarantined, [a95e599af6850f27cb0d213716ee857b],
    PUP.Optional.WebSearchInfo, HKUS-1-5-21-478711191-1416624994-1632020750-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREMICROSOFTINTERNET EXPLORERSEARCHSCOPES{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [5cabdc17abd0bb7b20de9dc861a338c8],
    PUP.Optional.SearchNewTab, HKLMSOFTWARECLASSESTYPELIB{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [e1261dd6f9825adc390727b6679b946c],
    PUP.Optional.SearchNewTab, HKLMSOFTWARECLASSESINTERFACE{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}, Quarantined, [e1261dd6f9825adc390727b6679b946c],
    PUP.Optional.SearchNewTab, HKLMSOFTWARECLASSESINTERFACE{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}, Quarantined, [e1261dd6f9825adc390727b6679b946c],
    PUP.Optional.SearchNewTab, HKLMSOFTWAREWOW6432NODECLASSESINTERFACE{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}, Quarantined, [e1261dd6f9825adc390727b6679b946c],
    PUP.Optional.SearchNewTab, HKLMSOFTWAREWOW6432NODECLASSESINTERFACE{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}, Quarantined, [e1261dd6f9825adc390727b6679b946c],
    PUP.Optional.SearchNewTab, HKLMSOFTWAREWOW6432NODECLASSESTYPELIB{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [e1261dd6f9825adc390727b6679b946c],

    Registry Values: 2
    PUP.Optional.MySearchDial.A, HKLMSOFTWAREMICROSOFTINTERNET EXPLORERSEARCHSCOPES{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Mysearchdial, Quarantined, [32d53eb5cab182b4441d21fc877c9769]
    PUP.Optional.MySearchDial.A, HKUS-1-5-21-478711191-1416624994-1632020750-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREMICROSOFTINTERNET EXPLORERSEARCHSCOPES{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Mysearchdial, Quarantined, [ac5b1cd763188fa782e01a03ad5629d7]

    Registry Data: 0
    (No malicious items detected)

    Folders: 2
    PUP.Optional.SearchNewTab, C:ProgramDataSearchNewTab, Delete-on-Reboot, [e1261dd6f9825adc390727b6679b946c],
    PUP.Optional.SearchNewTab, C:ProgramDataSearchNewTabdata, Quarantined, [e1261dd6f9825adc390727b6679b946c],

    Files: 48
    PUP.Optional.MultiPlug.A, C:ProgramDataSearchNewTab51901476e7b5d.dll, Delete-on-Reboot, [1fe8559e64173afc2e738c8c9c6512ee],
    PUP.Optional.SilentInstall.A, C:ProgramDataSearchNewTabuninstall.exe, Quarantined, [0ef9faf9324977bfa91e9f7b35cc4ab6],
    PUP.Optional.PCPerformer.A, C:WindowsSystem32roboot64.exe, Quarantined, [be4951a2c6b5e0569870002103fd18e8],
    PUP.Optional.Net01.A, C:Usersdiabolikk2k2Downloadsinstall_flashplayer11x32_mssd_aaa_aih(1).exe, Quarantined, [e02711e26417ce681a1df98b50b4e818],
    PUP.Optional.Net01.A, C:Usersdiabolikk2k2Downloadsinstall_flashplayer11x32_mssd_aaa_aih.exe, Quarantined, [32d5b63d3843cd6960d7c9bbb252e41c],
    PUP.Optional.Installcore, C:Usersdiabolikk2k2Downloadsinstall_flashplayer12x32_mssd_aaa_aih.exe, Quarantined, [61a6688bd7a454e263ede0f446be0ff1],
    PUP.Optional.InstallCore, C:Usersdiabolikk2k2DownloadsPicasa.exe, Quarantined, [b1561fd4bdbeaa8c3574839ec43cd22e],
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultsearchpluginsMysearchdial.xml, Quarantined, [ee19cc27c0bb9b9b54fe6bcc887bf40c],
    PUP.Optional.WebSearch.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultsearchpluginsWebSearch.xml, Quarantined, [b0576f8484f787af95204ceb30d30cf4],
    PUP.Optional.SearchNewTab, C:ProgramDataSearchNewTab51901476e7b5d.tlb, Quarantined, [e1261dd6f9825adc390727b6679b946c],
    PUP.Optional.SearchNewTab, C:ProgramDataSearchNewTabsettings.ini, Quarantined, [e1261dd6f9825adc390727b6679b946c],
    PUP.Optional.SearchNewTab, C:ProgramDataSearchNewTabdataSearchNewTab.dat, Quarantined, [e1261dd6f9825adc390727b6679b946c],
    PUP.Optional.CrossRider.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.crossrider.bic”, “1410a1dcc154427463dc515e003a30a8”);), Replaced,[40c719dad8a34de9b97172d20302dd23]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.AL”, 2);), Replaced,[a760cc27ec8faa8c3cf563e155b059a7]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.aflt”, “tele0202ie”);), Replaced,[91768271cdae4aec3bf673d1d72e49b7]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.appId”, “{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}”);), Replaced,[15f2a94a3c3f46f0bc75f54f54b15ba5]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.cd”, “2XzuyEtN2Y1L1QzuzytD0AyE0D0EyC0F0CyD0Bzz0E0D0FyCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2StC0A0C0DtDtBzzyCtGtDyBtDyEtGtCyC0F0DtGtC0Azy0CtGtCtBtDyDtC0E0A0C0A0Ezy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyByD0D0ByE0D0BtG0FtC0EtBtGtDtBtD0DtGzyyCzyzztGyD0CzztBzytDtAtDyD0C0EyE2Q”);), Replaced,[d433fcf788f3979fbc7579cb7e87867a]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.cntry”, “FR”);), Replaced,[43c4c2312f4cd660141d94b0c243629e]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.cr”, “679080207”);), Replaced,[1ee9a35065166ec8e44db391f114c13f]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.dfltLng”, “”);), Replaced,[ad5a856ee299d56141f06cd8ee170ef2]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.dfltSrch”, true);), Replaced,[43c4e112a3d843f33df4db698085c53b]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.dnsErr”, true);), Replaced,[cf38b83bc0bbeb4b87aa4301b74ef709]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.dpkLst”, “3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,1828564131,3396905322,2787570089,1850357963,3855095921,1516386922,3836221436,2015489896,270173904,3729539987,424611005,965674394,609003582,2041931190,3874294282,2774755777,931959409,398575749,3999997753,1104451911,1233863968,4280856088,1554076246,1949401179,1770772786,3253391265,3778438159,1649478750,2848156272,2476712966,3103989719,475488147,1715867073,3594694113,3774606882,4036647035,1593922001,4110151693,2941033654,3206511613”);), Replaced,[b15615defd7eaf87f23f8aba0afbf30d]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.excTlbr”, false);), Replaced,[1ee97e753a41bf77d75ab98b2bdac23e]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.hdrMd5”, “E12E6EAFE389B40B623D59DAC6C5D4E5”);), Replaced,[06019a59ceadba7c929f7fc5679e19e7]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.hmpg”, true);), Replaced,[83849261c3b8ec4a87aad17326df1fe1]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.hmpgUrl”, “http://start.mysearchdial.com/?f=1&a=tele0202ie&cd=2XzuyEtN2Y1L1QzuzytD0AyE0D0EyC0F0CyD0Bzz0E0D0FyCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2StC0A0C0DtDtBzzyCtGtDyBtDyEtGtCyC0F0DtGtC0Azy0CtGtCtBtDyDtC0E0A0C0A0Ezy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyByD0D0ByE0D0BtG0FtC0EtBtGtDtBtD0DtGzyyCzyzztGyD0CzztBzytDtAtDyD0C0EyE2Q&cr=679080207&ir=”);), Replaced,[5ea9cb28f58679bd48e9da6a2bda57a9]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.id”, “90A4DE6FC5B8EDF6”);), Replaced,[2adda152ff7c71c50a271b29a5602fd1]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.instlDay”, “16133”);), Replaced,[5fa8d41f1863cb6bb37e71d35ca923dd]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.instlRef”, “0901-a”);), Replaced,[43c43db6ed8e2e0872bf2222699c43bd]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.lastB”, “http://start.mysearchdial.com/?f=1&a=tele0202ie&cd=2XzuyEtN2Y1L1QzuzytD0AyE0D0EyC0F0CyD0Bzz0E0D0FyCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2StC0A0C0DtDtBzzyCtGtDyBtDyEtGtCyC0F0DtGtC0Azy0CtGtCtBtDyDtC0E0A0C0A0Ezy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyByD0D0ByE0D0BtG0FtC0EtBtGtDtBtD0DtGzyyCzyzztGyD0CzztBzytDtAtDyD0C0EyE2Q&cr=679080207&ir=”);), Replaced,[7f884fa4374466d084ad3b098580d828]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.lastVrsnTs”, “1.8.29.023:20:51”);), Replaced,[bd4a6c87f685d75f3ef3fb4952b3dd23]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.newTabUrl”, “http://start.mysearchdial.com/?f=2&a=tele0202ie&cd=2XzuyEtN2Y1L1QzuzytD0AyE0D0EyC0F0CyD0Bzz0E0D0FyCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2StC0A0C0DtDtBzzyCtGtDyBtDyEtGtCyC0F0DtGtC0Azy0CtGtCtBtDyDtC0E0A0C0A0Ezy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyByD0D0ByE0D0BtG0FtC0EtBtGtDtBtD0DtGzyyCzyzztGyD0CzztBzytDtAtDyD0C0EyE2Q&cr=679080207&ir=”);), Replaced,[67a0658e5c1ff93da68b45ffd33216ea]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.pnu_base”, “{“newVrsn”:”90″,”lastVrsn”:”90″,”vrsnLoad”:””,”showMsg”:”false”,”showSilent”:”false”,”msgTs”:0,”lstMsgTs”:”0″}”);), Replaced,[6b9c559e1c5fdf57f63be55fc63f47b9]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.prdct”, “mysearchdial”);), Replaced,[ba4d8370ff7c2c0adb56251f7a8b20e0]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.prtnrId”, “mysearchdial”);), Replaced,[e423f8fb83f8e94d1918c480877e0bf5]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.sg”, “none”);), Replaced,[49beb043cdaefa3c2908b09460a5ef11]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.srchPrvdr”, “Mysearchdial”);), Replaced,[ab5c8a691e5d77bf81b092b27c892cd4]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.tlbrId”, “base”);), Replaced,[42c57182b0cbc96d2d04df6535d0cc34]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.tlbrSrchUrl”, “http://start.mysearchdial.com/?f=3&a=tele0202ie&cd=2XzuyEtN2Y1L1QzuzytD0AyE0D0EyC0F0CyD0Bzz0E0D0FyCtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2StC0A0C0DtDtBzzyCtGtDyBtDyEtGtCyC0F0DtGtC0Azy0CtGtCtBtDyDtC0E0A0C0A0Ezy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyByD0D0ByE0D0BtG0FtC0EtBtGtDtBtD0DtGzyyCzyzztGyD0CzztBzytDtAtDyD0C0EyE2Q&cr=679080207&ir=&q=”);), Replaced,[2add5b9842396dc9ae8361e3778eeb15]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.vrsn”, “1.8.29.0”);), Replaced,[040318db017aab8b121faa9a6a9b857b]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial.vrsni”, “1.8.29.0”);), Replaced,[f413fcf7c9b29c9aea47ec58aa5b2bd5]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial_i.hmpg”, true);), Replaced,[689fa84b6417c670d65b8cb8ff0636ca]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial_i.newTab”, false);), Replaced,[90779c57275461d59f92261e4abb916f]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial_i.smplGrp”, “none”);), Replaced,[9e6948abe497e452ee43133116efe21e]
    PUP.Optional.MySearchDial.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.mysearchdial_i.vrsnTs”, “1.8.29.023:20:51”);), Replaced,[33d4cc2788f341f54fe2b19361a4a65a]
    PUP.Optional.Babylon.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.BabylonToolbar.prtkDS”, 0);), Replaced,[1ceb9f543d3e6cca4bef172dd0351fe1]
    PUP.Optional.Babylon.A, C:Usersdiabolikk2k2AppDataRoamingMozillaFirefoxProfileslduospk4.defaultprefs.js, Good: (), Bad: (user_pref(“extensions.BabylonToolbar.prtkHmpg”, 0);), Replaced,[41c6ca299be0f54192a82d17679ecd33]

    Physical Sectors: 0
    (No malicious items detected)

    (end)

  • Clarisse
    Participant
    Nombre d'articles : 8

    Je ne sais pas si c’est bien ce rapport car en cliquant sur copier dans le presse-papier, rien ne s’est passé…
    merci

  • g3n-h@ckm@n
    Admin bbPress
    Nombre d'articles : 8418

    re

    si c’est bon

    mais je m’apercois que tu ne désacives pas totalement norton pour utiliser les outils , résultat , ils ne traivaillent pas comme ils devraient

    télécharge QuickDiag : http://www.aht.li/2448447/QuickDiag.exe” onclick=”window.open(this.href);return false;

    lance-le , clique sur Extended , puis une fois qu’il a terminé ,heberge le rapport sur https://antimalware.top” onclick=”window.open(this.href);return false; et donne le lien obtenu

Le sujet ‘clé USB infectée – documents transformés en raccourci’ est fermé à de nouvelles réponses.