Hello,

I am on a recent Lenovo running Win 8.1. I have been using Firefox for ages. I got rid of Internet Explorer and never installed Chrome. I have nothing against Google a priori.

For some time now, clicking certain links has opened a Chrome (theoretically unknown on my machine).

A few searches for "google" or "chrome" in the system: nothing in the installed programs and nothing in Programs and/or Program Files (x86).

Clicking the properties of the 'chrome' icon opened by the link reveals an executable name: vreXjvX

Searched again: installed programs = nothing, and finally found in Program Files (x86): Chrome's hidden directory!

On the Net, curiously, there is mention of the Chrome "cache", for visited pages, not of a Chrome installation ...

In short, this is indeed an installation made without my knowledge, a manipulation that is at the very least NOT transparent, NOT declared in the system, taking over the display of certain files: which can be considered a hidden act of forcing, an abuse of power, a clearly illicit and pirate action on the part of GOOGLE-CHROME.

Solution: vrexjvx directory deleted and reboot. The affected links are easily re-associated with your favorite browser.

Thank you for your attention.

Re: vrexjvx the pirate Chrome

Hello,

Chrome must have been installed as a sponsor of one of the programs you recently installed.

However, vreXjvX is linked to malware and not to Chrome.

Have you used AdwCleaner?

Regards,

Re: vrexjvx the pirate Chrome

Yes, first I had already removed the vreXjvX directory, and, bravo to AdwCleaner, which managed to eradicate the automatic re-install of this malware. The problem is not that I inadvertently (through inattention) let a sponsor installation through; what must be publicly known is that GOOGLE-CHROME (or its delegates) cheat. They install a ghost browser under a nonsense name, invisibly in the list of installed programs, with no reference to the name 'Chrome' in the directories. This is a deliberately fraudulent manipulation whose aim is to abuse and impose their browser. How does such a rich and powerful company resort to these thuggish methods? As for believing that GOOGLE is unaware of, and/or is not linked to/concerned by this manipulation, that is unfortunately surely not very plausible. Regards

Re: vrexjvx the pirate Chrome

Hello,

Just to check that no trace remains:

--> Download MiniRegTool64.zip (by Farbar) to your Desktop:

http://download.bleepingcomputer.com/farbar/MiniRegTool64.zip

--> Right-click it, choose Extract All... then the Extract button

--> Run the MiniRegTool64 tool contained in the extracted folder. (Under Windows Vista/7/8/10, right-click MiniRegTool64 > Run as administrator)

--> Copy and paste the following content into the MiniRegTool64 box: vreXjvX

--> Select the Search button.

--> Click the Go button.

--> Post the report (Report) in your next reply.

Re: vrexjvx the pirate Chrome

Hello, this 'MiniRegTool64' is GOOD! Appalling result: the registry is still gummed up! I suppose I should now perform a "delete"? Thanks

The result:______________________________________________

MiniRegTool64 by Farbar Version:21-07-2014
Ran by User (administrator) on 2016-05-25 at 11:36:56

==========================================
Search Result For: "vreXjvX"


==== End of Search ====

 

Re: vrexjvx the pirate Chrome

Thanks, I have added what I could of vreXjvX to AdwCleaner's database; Xplode still has to validate them.

Run Malwarebytes' Anti-Malware, hoping it detects it:

http://www.commentcamarche.net/faq/15773-malwarebytes-anti-malware-tutoriel

Re: vrexjvx the pirate Chrome

Good evening, this anti-malware gave some informal results, with few corrections: photo at:

One can see there a curious "arthurj8283@gmail.com\chrome" in Firefox's user data...

Then, while waiting for a tool that solves the problem, I (backed up and then) cleaned the registry by hand. (a few minutes!) Encouraging but not perfect result:

MiniRegTool64 by Farbar Version:21-07-2014
Ran by User (administrator) on 2016-05-25 at 19:10:12

==========================================
Search Result For: "vreXjvX"

[HKEY_USERS\S-1-5-21-3374183253-3920876717-948248992-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
"ProgId"="vreXjvXHTM"
[HKEY_USERS\S-1-5-21-3374183253-3920876717-948248992-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
"ProgId"="vreXjvXHTM"
[HKEY_USERS\S-1-5-21-3374183253-3920876717-948248992-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
"ProgId"="vreXjvXHTM"

==== End of Search ====

These last lines refuse to be deleted or modified!

The magic tool will be the one capable of taking the list supplied by "MiniRegTool" and eradicating the corresponding lines in the registry, a sort of batch able, from a list, to delete or modify the key ....

I rebooted, apparently without any new problem.

All the best
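
The list-driven cleanup tool wished for in the post above could start from something like this added example, which is not part of the original thread and not a Farbar or AdwCleaner tool. It parses a report in MiniRegTool's layout and builds a `.reg` deletion script for review; the function names are hypothetical, the embedded report excerpt is constructed for the example, and `UserChoice` hits are set aside because the poster found they could not be deleted or modified by hand.

```python
import re

MARKER = "vreXjvX"  # the search term used in the thread

# Report excerpt constructed for this example, in MiniRegTool's layout.
SAMPLE_REPORT = r'''
Search Result For: "vreXjvX"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithProgIds]
"vreXjvXHTM"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\shell\open\command]
""=""C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\vreXjvXHTM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\vreXjvXHTM\Application]
"ApplicationName"="vreXjvX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\vreXjvXHTM\Application]
"ApplicationCompany"="vreXjvX"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
"ProgId"="vreXjvXHTM"
[HKEY_USERS\.DEFAULT\Software\RegisteredApplications]
"vreXjvXHTM"="SOFTWARE\Clients\StartMenuInternet\vreXjvXHTM\Capabilities"
[HKEY_USERS\.DEFAULT\Software\RegisteredApplications]
"vreXjvXHTM"="SOFTWARE\Clients\StartMenuInternet\vreXjvXHTM\Capabilities"

==== End of Search ====
'''

KEY_RE = re.compile(r'^\[(HKEY_.+)\]$')
VALUE_RE = re.compile(r'^"(.*?)"=(.*)$')  # "" is the key's default value

def parse_report(text):
    """Return de-duplicated (key, value_name) hits in report order.
    value_name is None when a key is listed with no value under it."""
    hits, seen = [], set()
    key, had_value = None, False

    def add(hit):
        if hit not in seen:
            seen.add(hit)
            hits.append(hit)

    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            if key is not None and not had_value:
                add((key, None))
            key, had_value = m.group(1), False
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            add((key, m.group(1)))
            had_value = True
    if key is not None and not had_value:
        add((key, None))
    return hits

def infected_root(key, marker):
    """Shortest prefix of `key` whose last component contains the marker."""
    parts = key.split("\\")
    for i, part in enumerate(parts):
        if marker.lower() in part.lower():
            return "\\".join(parts[:i + 1])
    return None

def build_plan(hits, marker):
    """Sort hits into whole-key deletions, single-value deletions and
    UserChoice entries that are left for manual handling."""
    plan = {"delete_keys": [], "delete_values": [], "manual": []}
    for key, name in hits:
        root = infected_root(key, marker)
        if root:  # the key itself belongs to the unwanted program
            if root not in plan["delete_keys"]:
                plan["delete_keys"].append(root)
        elif key.lower().endswith("\\userchoice"):
            plan["manual"].append((key, name))
        elif name is not None:  # legitimate key, unwanted value
            plan["delete_values"].append((key, name))
    return plan

def to_reg(plan):
    """Render the plan as .reg text: [-key] removes a key, "name"=- a value."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for key in plan["delete_keys"]:
        out += ["[-%s]" % key, ""]
    by_key = {}
    for key, name in plan["delete_values"]:
        by_key.setdefault(key, []).append(name)
    for key, names in by_key.items():
        out.append("[%s]" % key)
        for name in names:
            escaped = name.replace("\\", "\\\\").replace('"', '\\"')
            out.append("@=-" if name == "" else '"%s"=-' % escaped)
        out.append("")
    return "\n".join(out)

if __name__ == "__main__":
    print(to_reg(build_plan(parse_report(SAMPLE_REPORT), MARKER)))
```

Read every entry of the generated script and back up the registry, as the poster did, before importing it.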

Re: vrexjvx the pirate Chrome

Hello,

Can you provide us with the full Malwarebytes report?

Thanks,

Re: vrexjvx the pirate Chrome

Good idea,

we discover that viruses remain! "Little Registry Cleaner".... here are the 2 files, before and after cleaning.

No1 ___________

Malwarebytes Anti-Malware www.malwarebytes.org

Date de l'analyse: 30/05/2016
Heure de l'analyse: 11:07
Fichier journal: rapport-malware300516.txt
Administrateur: Oui

Version: 2.2.1.1043
Base de données de programmes malveillants: v2016.05.30.04
Base de données de rootkits: v2016.05.27.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 8.1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: User

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 416980
Temps écoulé: 9 min, 53 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0 (Aucun élément malveillant détecté)

Modules: 0 (Aucun élément malveillant détecté)

Clés du Registre: 0 (Aucun élément malveillant détecté)

Valeurs du Registre: 0 (Aucun élément malveillant détecté)

Données du Registre: 0 (Aucun élément malveillant détecté)

Dossiers: 3
PUP.Optional.ZoltaRegistryCleaner, C:\Program Files\Common Files\Little Registry Cleaner, , [cc400eceecadc5718252ab0309f951af],
PUP.Optional.ZoltaRegistryCleaner, C:\Program Files\Common Files\Little Registry Cleaner\Backups, , [cc400eceecadc5718252ab0309f951af],
PUP.Optional.ZoltaRegistryCleaner, C:\Program Files\Common Files\Little Registry Cleaner\Logs, , [cc400eceecadc5718252ab0309f951af],

Fichiers: 2
PUP.Optional.ZoltaRegistryCleaner, C:\Program Files\Common Files\Little Registry Cleaner\Logs\2016_05_25_183148.txt, , [cc400eceecadc5718252ab0309f951af],
PUP.Optional.ZoltaRegistryCleaner, C:\Program Files\Common Files\Little Registry Cleaner\Logs\rapport-registry-cleanner_2016_05_25_183148.txt, , [cc400eceecadc5718252ab0309f951af],

Secteurs physiques: 0 (Aucun élément malveillant détecté) (end)

No2___________

Malwarebytes Anti-Malware www.malwarebytes.org

Date de l'analyse: 30/05/2016 Heure de l'analyse: 11:21 Fichier journal: rapport-malware300516_2.txt Administrateur: Oui

Version: 2.2.1.1043 Base de données de programmes malveillants: v2016.05.30.04 Base de données de rootkits: v2016.05.27.01 Licence: Gratuit Protection contre les programmes malveillants: Désactivé Protection contre les sites Web malveillants: Désactivé Autoprotection: Désactivé

Système d'exploitation: Windows 8.1 Processeur: x64 Système de fichiers: NTFS Utilisateur: User

Type d'analyse: Analyse des menaces Résultat: Terminé Objets analysés: 417015 Temps écoulé: 6 min, 12 s

Mémoire: Activé Démarrage: Activé Système de fichiers: Activé Archives: Activé Rootkits: Désactivé Heuristique: Activé PUP: Activé PUM: Activé

Processus: 0 (Aucun élément malveillant détecté)

Modules: 0 (Aucun élément malveillant détecté)

Clés du Registre: 0 (Aucun élément malveillant détecté)

Valeurs du Registre: 0 (Aucun élément malveillant détecté)

Données du Registre: 0 (Aucun élément malveillant détecté)

Dossiers: 0 (Aucun élément malveillant détecté)

Fichiers: 0 (Aucun élément malveillant détecté)

Secteurs physiques: 0 (Aucun élément malveillant détecté) (end)

------------------------

Regards.

 

Re: vrexjvx, the pirate Chrome310516

Hello,

What I have left is in the Malwarebytes logs:

The first == mbam-log-2016-05-25 (14-55-16)


Next: mbam-log-2016-05-30 (11-06-45)


Finally: mbam-log-2016-05-30 (11-21-08)


The quarantine files are unreadable.

Regards