Gomeo grrrr
betty6266
Messages postés
9
Date d'inscription
Statut
Membre
Dernière intervention
-
moment de grace Messages postés 29042 Date d'inscription Statut Contributeur sécurité Dernière intervention -
moment de grace Messages postés 29042 Date d'inscription Statut Contributeur sécurité Dernière intervention -
======= RAPPORT D'AD-REMOVER 2.0.0.2,D | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 12/01/11 à 19:00
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 18:15:10 le 13/01/2011, Mode normal
Microsoft Windows XP Édition familiale Service Pack 3 (X86)
( )
============== RECHERCHE ==============
Fichier trouvé: C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Dossier trouvé: D:\Documents and Settings\bernard\Application Data\Mozilla\FireFox\Profiles\mamn6a31.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
Fichier trouvé: D:\Documents and Settings\bernard\Application Data\Mozilla\FireFox\Profiles\mamn6a31.default\searchplugins\ask.xml
Dossier trouvé: C:\Program Files\FBrowserAdvisor
Dossier trouvé: C:\Program Files\FBrowsingAdvisor
Dossier trouvé: D:\Documents and Settings\All Users\Application Data\GamesBar
Dossier trouvé: C:\Program Files\GamesBar
Dossier trouvé: D:\Documents and Settings\All Users\Application Data\Trymedia
Dossier trouvé: D:\Documents and Settings\HelpAssistant\Application Data\Viewpoint
Dossier trouvé: D:\Documents and Settings\All Users\Application Data\Viewpoint
Dossier trouvé: C:\Program Files\Viewpoint
Dossier trouvé: D:\Documents and Settings\bernard\Local Settings\Application Data\Kiwee Toolbar
-- Fichier ouvert: D:\Documents and Settings\bernard\Application Data\Mozilla\FireFox\Profiles\mamn6a31.default\Prefs.js --
Ligne trouvée: user_pref("browser.search.order.1", "Ask");
Ligne trouvée: user_pref("extensions.snipit.askTbInstalled", true);
Ligne trouvée: user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&...
-- Fichier Fermé --
Clé trouvée: HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé trouvée: HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé trouvée: HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}
Clé trouvée: HKLM\Software\Classes\AppID\{E142D053-7023-4B33-AF22-91F14202142D}
Clé trouvée: HKLM\Software\Classes\Interface\{0644DA8F-A2AF-ED38-3652-7519D25326A6}
Clé trouvée: HKLM\Software\Classes\Interface\{133548AB-2040-C274-3F84-B4F038825BE1}
Clé trouvée: HKLM\Software\Classes\Interface\{28A43D42-88DA-9F16-36D8-E8B8F90F8137}
Clé trouvée: HKLM\Software\Classes\Interface\{35D3032D-F301-7A91-0C1F-6A346950470E}
Clé trouvée: HKLM\Software\Classes\Interface\{82A42CAC-054E-FD78-0601-83923D1E18B3}
Clé trouvée: HKLM\Software\Classes\Interface\{8A93E70C-4855-D46E-DB0D-62C4DA0B5914}
Clé trouvée: HKLM\Software\Classes\Interface\{9EBD4DDC-B5A2-4731-57AE-5D300F116E3A}
Clé trouvée: HKLM\Software\Classes\Interface\{FF0BB838-6AE8-D4CA-953B-742C81C9060C}
Clé trouvée: HKLM\Software\Classes\Interface\{FFD09307-538D-2A45-93F9-C1C36CBD81FE}
Clé trouvée: HKLM\Software\Classes\TypeLib\{5FDB9BC1-CFA2-A65E-749A-782E1FA13CAF}
Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Clé trouvée: HKLM\Software\Classes\AppID\InternetProgram.DLL
Clé trouvée: HKLM\Software\Classes\AppID\{C58810EE-6B56-BDD6-5FAE-D204717DA8F6}
Clé trouvée: HKLM\Software\AskBarDis
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKLM\Software\MetaStream
Clé trouvée: HKLM\Software\Titan Poker
Clé trouvée: HKLM\Software\Trymedia Systems
Clé trouvée: HKLM\Software\Viewpoint
Clé trouvée: HKCU\Software\CToolbar
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\FBrowsingAdvisor_is1
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
Clé trouvée: HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé trouvée: HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé trouvée: HKLM\Software\Microsoft\Code Store Database\Distribution Units\CabBuilder
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [Impossible d'obtenir la version] **
-- D:\Documents and Settings\bernard\Application Data\Mozilla\FireFox\Profiles\mamn6a31.default\Prefs.js --
browser.download.lastDir, D:\\Documents and Settings\\bernard\\Bureau
browser.search.defaultenginename, Live Search
browser.search.defaulturl, hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
browser.search.selectedEngine, Yahoo!
browser.startup.homepage, hxxp://www.google.fr/
browser.startup.homepage_override.mstone, rv:1.9.2.3
keyword.URL, hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
-- D:\Documents and Settings\HelpAssistant\Application Data\Mozilla\FireFox\Profiles\4tj114gu.default\Prefs.js --
browser.download.lastDir, D:\\Documents and Settings\\melody\\Bureau
browser.startup.homepage, hxxp://fr.msn.com/
browser.startup.homepage_override.mstone, rv:1.9.2.3
keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
========================================
** Internet Explorer Version [7.0.5730.13] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.01net.com
Default_Search_URL: hxxp://www.google.com/ie
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Show_ToolBar: yes
Start Page: hxxp://www.google.fr/
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
SearchAssistant: hxxp://www.crawler.com/search/ie.aspx?tb_id=66024
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)
D:\Ad-Report-SCAN[1].txt - 13/01/2011 (1822 Octet(s))
Fin à: 18:15:58, 13/01/2011
============== E.O.F ==============
Mis à jour par TeamXscript le 12/01/11 à 19:00
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 18:15:10 le 13/01/2011, Mode normal
Microsoft Windows XP Édition familiale Service Pack 3 (X86)
( )
============== RECHERCHE ==============
Fichier trouvé: C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Dossier trouvé: D:\Documents and Settings\bernard\Application Data\Mozilla\FireFox\Profiles\mamn6a31.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
Fichier trouvé: D:\Documents and Settings\bernard\Application Data\Mozilla\FireFox\Profiles\mamn6a31.default\searchplugins\ask.xml
Dossier trouvé: C:\Program Files\FBrowserAdvisor
Dossier trouvé: C:\Program Files\FBrowsingAdvisor
Dossier trouvé: D:\Documents and Settings\All Users\Application Data\GamesBar
Dossier trouvé: C:\Program Files\GamesBar
Dossier trouvé: D:\Documents and Settings\All Users\Application Data\Trymedia
Dossier trouvé: D:\Documents and Settings\HelpAssistant\Application Data\Viewpoint
Dossier trouvé: D:\Documents and Settings\All Users\Application Data\Viewpoint
Dossier trouvé: C:\Program Files\Viewpoint
Dossier trouvé: D:\Documents and Settings\bernard\Local Settings\Application Data\Kiwee Toolbar
-- Fichier ouvert: D:\Documents and Settings\bernard\Application Data\Mozilla\FireFox\Profiles\mamn6a31.default\Prefs.js --
Ligne trouvée: user_pref("browser.search.order.1", "Ask");
Ligne trouvée: user_pref("extensions.snipit.askTbInstalled", true);
Ligne trouvée: user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&...
-- Fichier Fermé --
Clé trouvée: HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé trouvée: HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé trouvée: HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}
Clé trouvée: HKLM\Software\Classes\AppID\{E142D053-7023-4B33-AF22-91F14202142D}
Clé trouvée: HKLM\Software\Classes\Interface\{0644DA8F-A2AF-ED38-3652-7519D25326A6}
Clé trouvée: HKLM\Software\Classes\Interface\{133548AB-2040-C274-3F84-B4F038825BE1}
Clé trouvée: HKLM\Software\Classes\Interface\{28A43D42-88DA-9F16-36D8-E8B8F90F8137}
Clé trouvée: HKLM\Software\Classes\Interface\{35D3032D-F301-7A91-0C1F-6A346950470E}
Clé trouvée: HKLM\Software\Classes\Interface\{82A42CAC-054E-FD78-0601-83923D1E18B3}
Clé trouvée: HKLM\Software\Classes\Interface\{8A93E70C-4855-D46E-DB0D-62C4DA0B5914}
Clé trouvée: HKLM\Software\Classes\Interface\{9EBD4DDC-B5A2-4731-57AE-5D300F116E3A}
Clé trouvée: HKLM\Software\Classes\Interface\{FF0BB838-6AE8-D4CA-953B-742C81C9060C}
Clé trouvée: HKLM\Software\Classes\Interface\{FFD09307-538D-2A45-93F9-C1C36CBD81FE}
Clé trouvée: HKLM\Software\Classes\TypeLib\{5FDB9BC1-CFA2-A65E-749A-782E1FA13CAF}
Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Clé trouvée: HKLM\Software\Classes\AppID\InternetProgram.DLL
Clé trouvée: HKLM\Software\Classes\AppID\{C58810EE-6B56-BDD6-5FAE-D204717DA8F6}
Clé trouvée: HKLM\Software\AskBarDis
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKLM\Software\MetaStream
Clé trouvée: HKLM\Software\Titan Poker
Clé trouvée: HKLM\Software\Trymedia Systems
Clé trouvée: HKLM\Software\Viewpoint
Clé trouvée: HKCU\Software\CToolbar
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\FBrowsingAdvisor_is1
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
Clé trouvée: HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé trouvée: HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé trouvée: HKLM\Software\Microsoft\Code Store Database\Distribution Units\CabBuilder
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [Impossible d'obtenir la version] **
-- D:\Documents and Settings\bernard\Application Data\Mozilla\FireFox\Profiles\mamn6a31.default\Prefs.js --
browser.download.lastDir, D:\\Documents and Settings\\bernard\\Bureau
browser.search.defaultenginename, Live Search
browser.search.defaulturl, hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
browser.search.selectedEngine, Yahoo!
browser.startup.homepage, hxxp://www.google.fr/
browser.startup.homepage_override.mstone, rv:1.9.2.3
keyword.URL, hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
-- D:\Documents and Settings\HelpAssistant\Application Data\Mozilla\FireFox\Profiles\4tj114gu.default\Prefs.js --
browser.download.lastDir, D:\\Documents and Settings\\melody\\Bureau
browser.startup.homepage, hxxp://fr.msn.com/
browser.startup.homepage_override.mstone, rv:1.9.2.3
keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
========================================
** Internet Explorer Version [7.0.5730.13] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.01net.com
Default_Search_URL: hxxp://www.google.com/ie
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Show_ToolBar: yes
Start Page: hxxp://www.google.fr/
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
SearchAssistant: hxxp://www.crawler.com/search/ie.aspx?tb_id=66024
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)
D:\Ad-Report-SCAN[1].txt - 13/01/2011 (1822 Octet(s))
Fin à: 18:15:58, 13/01/2011
============== E.O.F ==============
12 réponses
bonjour
fais ceci stp
1)
relances Ad Remover
option NETTOYAGE
poste le rapport
___________
2)
Télécharge ZHPDiag ( de Nicolas coolman ).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(outil de diagnostic)
Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )
Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin ( vista )
Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.
Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.
Rend toi sur Cjoint : http://www.cijoint.fr/
Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "
Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau
Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message
fais ceci stp
1)
relances Ad Remover
option NETTOYAGE
poste le rapport
___________
2)
Télécharge ZHPDiag ( de Nicolas coolman ).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(outil de diagnostic)
Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )
Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin ( vista )
Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.
Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.
Rend toi sur Cjoint : http://www.cijoint.fr/
Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "
Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau
Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message
ok
n'ouvres pas d'autres sujets stp
1)
poste moi le rapport clean de Ad Remover stp
________
2)
Téléchargez MalwareByte's Anti-Malware (que tu pourras garder ensuite)
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
. Enregistres le sur le bureau
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
. Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
. Une fois la mise à jour terminé
. Rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet (examen assez long)
. Cliques sur Rechercher
. Le scan démarre.
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, clique sur Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
. Rends toi dans l'onglet rapport/log
. Tu cliques dessus pour l'afficher, une fois affiché
. Tu cliques sur edition en haut du boc notes, et puis sur sélectionner tous
. Tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller
Si tu as besoin d'aide regarde ces tutoriels :
Aide: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
--------------
3)
fais un nouveau rapport ZHPdiag
Rend toi sur Cjoint : http://www.cijoint.fr/
Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "
Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau
Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message
si problème avec ci joint , passer par là https://www.cjoint.com/
CONTRIBUTEUR SECURITE
Désinfection = diagnostic + traitement + finalisation
"Restez" jusqu'au bout...merci
n'ouvres pas d'autres sujets stp
1)
poste moi le rapport clean de Ad Remover stp
________
2)
Téléchargez MalwareByte's Anti-Malware (que tu pourras garder ensuite)
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
. Enregistres le sur le bureau
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
. Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
. Une fois la mise à jour terminé
. Rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet (examen assez long)
. Cliques sur Rechercher
. Le scan démarre.
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, clique sur Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
. Rends toi dans l'onglet rapport/log
. Tu cliques dessus pour l'afficher, une fois affiché
. Tu cliques sur edition en haut du boc notes, et puis sur sélectionner tous
. Tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller
Si tu as besoin d'aide regarde ces tutoriels :
Aide: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
--------------
3)
fais un nouveau rapport ZHPdiag
Rend toi sur Cjoint : http://www.cijoint.fr/
Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "
Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau
Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message
si problème avec ci joint , passer par là https://www.cjoint.com/
CONTRIBUTEUR SECURITE
Désinfection = diagnostic + traitement + finalisation
"Restez" jusqu'au bout...merci
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
j'ai modifié mon post précédent en le commencant par n'ouvres pas d'autres sujets stp
=> C:\Ad-report(Scan/clean).Txt
=> C:\Ad-report(Scan/clean).Txt
======= RAPPORT D'AD-REMOVER 2.0.0.2,D | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 12/01/11 à 19:00
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [3]) -> Lancé à 19:04:27 le 13/01/2011, Mode normal
Microsoft Windows XP Édition familiale Service Pack 3 (X86)
bernard@115136810314 ( )
============== ACTION(S) ==============
(!) -- Fichiers temporaires supprimés.
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [Impossible d'obtenir la version] **
-- D:\Documents and Settings\bernard\Application Data\Mozilla\FireFox\Profiles\mamn6a31.default\Prefs.js --
browser.download.lastDir, D:\\Documents and Settings\\bernard\\Bureau
browser.search.defaultenginename, Live Search
browser.search.defaulturl, hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
browser.search.selectedEngine, Yahoo!
browser.startup.homepage, hxxp://www.google.fr/
browser.startup.homepage_override.mstone, rv:1.9.2.3
keyword.URL, hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
-- D:\Documents and Settings\HelpAssistant\Application Data\Mozilla\FireFox\Profiles\4tj114gu.default\Prefs.js --
browser.download.lastDir, D:\\Documents and Settings\\melody\\Bureau
browser.startup.homepage, hxxp://fr.msn.com/
browser.startup.homepage_override.mstone, rv:1.9.2.3
keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
========================================
** Internet Explorer Version [7.0.5730.13] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Mis à jour par TeamXscript le 12/01/11 à 19:00
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [3]) -> Lancé à 19:04:27 le 13/01/2011, Mode normal
Microsoft Windows XP Édition familiale Service Pack 3 (X86)
bernard@115136810314 ( )
============== ACTION(S) ==============
(!) -- Fichiers temporaires supprimés.
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [Impossible d'obtenir la version] **
-- D:\Documents and Settings\bernard\Application Data\Mozilla\FireFox\Profiles\mamn6a31.default\Prefs.js --
browser.download.lastDir, D:\\Documents and Settings\\bernard\\Bureau
browser.search.defaultenginename, Live Search
browser.search.defaulturl, hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
browser.search.selectedEngine, Yahoo!
browser.startup.homepage, hxxp://www.google.fr/
browser.startup.homepage_override.mstone, rv:1.9.2.3
keyword.URL, hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
-- D:\Documents and Settings\HelpAssistant\Application Data\Mozilla\FireFox\Profiles\4tj114gu.default\Prefs.js --
browser.download.lastDir, D:\\Documents and Settings\\melody\\Bureau
browser.startup.homepage, hxxp://fr.msn.com/
browser.startup.homepage_override.mstone, rv:1.9.2.3
keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
========================================
** Internet Explorer Version [7.0.5730.13] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Version de la base de données: 5512
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
13/01/2011 23:04:23
mbam-log-2011-01-13 (23-04-23).txt
Type d'examen: Examen complet (C:\|D:\|Q:\|)
Elément(s) analysé(s): 850958
Temps écoulé: 3 heure(s), 29 minute(s), 43 seconde(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 13
Fichier(s) infecté(s): 51
Processus mémoire infecté(s):
d:\documents and settings\bernard\application data\xssend2\svcnost.exe (Spyware.Passwords) -> 3760 -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C9B3C7-06B6-5C05-CFEC-C09DBC10CC30} (Adware.PLayMP3z) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssend (Spyware.Passwords) -> Value: mssend -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\bk (Malware.Trace) -> Value: bk -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe "D:\Documents and Settings\bernard\Application Data\ytyfvgmvprqce1ic3x2xcextgehfbwt2\csrss.exe") Good: (Explorer.exe) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
d:\documents and settings\p@p@.115136810314.000\application data\hotbar_icons (Adware.Hotbar) -> Quarantined and deleted successfully.
d:\documents and settings\all users\application data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
d:\documents and settings\all users\application data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\res2 (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\weatherdpa (Adware.Hotbar) -> Quarantined and deleted successfully.
d:\documents and settings\helpassistant\menu démarrer\programmes\bitdownload (Trojan.Swizzor) -> Quarantined and deleted successfully.
d:\documents and settings\melody\menu démarrer\programmes\bitdownload (Trojan.Swizzor) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\ni.uga6pv_0001_n122m2910 (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
d:\documents and settings\bernard\application data\xssend2\svcnost.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
d:\documents and settings\bernard\application data\xssenduasloykkcjoywohsb1r2ylmkqdrifhl\svcnost.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
d:\documents and settings\bernard\application data\xssendxdzxwc2dtosmkexav3q2fgkfzejklsk\svcnost.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
d:\documents and settings\bernard\application data\ytyfvgmvprqce1ic3x2xcextgehfbwt2\csrss.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
d:\documents and settings\bernard\local settings\temporary internet files\Content.IE5\TST8HYOD\zhpdiag_silent[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\documents and settings\bernard\mes documents\zhpdiag_silent.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsc2.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsd2.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsd2.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsx2.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsx2.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsv2.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsv2.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsw2.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsw2.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nszA.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsp2.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsp2.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nspB.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nspB.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsr2.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsr2.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nso2.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nso2.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsg9.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsg9.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsh2.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsh2.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsi2.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsi2.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\local settings\Temp\nso4.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\local settings\Temp\nso4.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\system volume information\_restore{751238cc-feb5-4605-9ea9-b441ebd3d66d}\RP918\A0363487.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
d:\system volume information\_restore{751238cc-feb5-4605-9ea9-b441ebd3d66d}\RP920\A0363676.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
d:\documents and settings\melody\application data\xssend2\svcnost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\documents and settings\JOHNY\Cookies\MM2048.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
d:\documents and settings\JOHNY\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\hotbar_icons\3bsoftware_icon_1.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\hotbar_icons\registryrepair.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\hotbar_icons\wallpapere1.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\dwld\whitelist.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\res2\whitelist.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\helpassistant\menu démarrer\programmes\bitdownload\bitdownload downloads.lnk (Trojan.Swizzor) -> Quarantined and deleted successfully.
d:\documents and settings\melody\menu démarrer\programmes\bitdownload\bitdownload downloads.lnk (Trojan.Swizzor) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\ni.uga6pv_0001_n122m2910\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\ni.uga6pv_0001_n122m2910\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
www.malwarebytes.org
Version de la base de données: 5512
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
13/01/2011 23:04:23
mbam-log-2011-01-13 (23-04-23).txt
Type d'examen: Examen complet (C:\|D:\|Q:\|)
Elément(s) analysé(s): 850958
Temps écoulé: 3 heure(s), 29 minute(s), 43 seconde(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 13
Fichier(s) infecté(s): 51
Processus mémoire infecté(s):
d:\documents and settings\bernard\application data\xssend2\svcnost.exe (Spyware.Passwords) -> 3760 -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C9B3C7-06B6-5C05-CFEC-C09DBC10CC30} (Adware.PLayMP3z) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssend (Spyware.Passwords) -> Value: mssend -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\bk (Malware.Trace) -> Value: bk -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe "D:\Documents and Settings\bernard\Application Data\ytyfvgmvprqce1ic3x2xcextgehfbwt2\csrss.exe") Good: (Explorer.exe) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
d:\documents and settings\p@p@.115136810314.000\application data\hotbar_icons (Adware.Hotbar) -> Quarantined and deleted successfully.
d:\documents and settings\all users\application data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
d:\documents and settings\all users\application data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\res2 (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\weatherdpa (Adware.Hotbar) -> Quarantined and deleted successfully.
d:\documents and settings\helpassistant\menu démarrer\programmes\bitdownload (Trojan.Swizzor) -> Quarantined and deleted successfully.
d:\documents and settings\melody\menu démarrer\programmes\bitdownload (Trojan.Swizzor) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\ni.uga6pv_0001_n122m2910 (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
d:\documents and settings\bernard\application data\xssend2\svcnost.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
d:\documents and settings\bernard\application data\xssenduasloykkcjoywohsb1r2ylmkqdrifhl\svcnost.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
d:\documents and settings\bernard\application data\xssendxdzxwc2dtosmkexav3q2fgkfzejklsk\svcnost.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
d:\documents and settings\bernard\application data\ytyfvgmvprqce1ic3x2xcextgehfbwt2\csrss.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
d:\documents and settings\bernard\local settings\temporary internet files\Content.IE5\TST8HYOD\zhpdiag_silent[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\documents and settings\bernard\mes documents\zhpdiag_silent.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsc2.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsd2.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsd2.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsx2.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsx2.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsv2.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsv2.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsw2.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsw2.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nszA.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsp2.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsp2.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nspB.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nspB.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsr2.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsr2.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nso2.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nso2.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsg9.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsg9.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsh2.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsh2.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsi2.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\nsi2.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\local settings\Temp\nso4.tmp\Dialer.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\local settings\Temp\nso4.tmp\InetLoad.dll (Adware.Softomate) -> Quarantined and deleted successfully.
d:\system volume information\_restore{751238cc-feb5-4605-9ea9-b441ebd3d66d}\RP918\A0363487.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
d:\system volume information\_restore{751238cc-feb5-4605-9ea9-b441ebd3d66d}\RP920\A0363676.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
d:\documents and settings\melody\application data\xssend2\svcnost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\documents and settings\JOHNY\Cookies\MM2048.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
d:\documents and settings\JOHNY\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\hotbar_icons\3bsoftware_icon_1.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\hotbar_icons\registryrepair.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\hotbar_icons\wallpapere1.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\dwld\whitelist.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\p@p@.115136810314.000\application data\shoppingreport\cs\res2\whitelist.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
d:\documents and settings\helpassistant\menu démarrer\programmes\bitdownload\bitdownload downloads.lnk (Trojan.Swizzor) -> Quarantined and deleted successfully.
d:\documents and settings\melody\menu démarrer\programmes\bitdownload\bitdownload downloads.lnk (Trojan.Swizzor) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\ni.uga6pv_0001_n122m2910\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
d:\documents and settings\Louloute\local settings\Temp\ni.uga6pv_0001_n122m2910\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )
O2 - BHO: (no name) - {E60A8FF7-B9B4-8ABC-10E8-10F2461DFA50} Clé orpheline
O42 - Logiciel: NavigationAdvisor - (.Pas de propriétaire.) [HKLM] -- NavigationAdvisor
[HKLM\Software\BearShare Mediabar]
O43 - CFD: 21/06/2008 - 11:33:16 ----D- C:\Program Files\NavigationAdvisor
O47 - AAKE:Key Export SP - "C:\Program Files\BitDownload\BitDownload.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) --
O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (@ieframe.dll,-12512) - https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}
P2 - FPN:Firefox Plugin Navigator . (.Pando Networks - Pando Web Installer.) -- C:\Program Files\Mozilla Firefox\Plugins\npPandoWebInst.dll
O2 - BHO: (no name) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} Clé orpheline
O2 - BHO: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} Clé orpheline
O8 - Extra context menu item: Add to Windows &Live Favorites - (.not file.) - http:\\favorites.live.com\quickadd.aspx
Puis Lance ZHPFix depuis le raccourci du bureau .
* Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .
* Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .
Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.
Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".
Copie/Colle le rapport à l'écran dans ton prochain message
le rapport se trouve dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport
O2 - BHO: (no name) - {E60A8FF7-B9B4-8ABC-10E8-10F2461DFA50} Clé orpheline
O42 - Logiciel: NavigationAdvisor - (.Pas de propriétaire.) [HKLM] -- NavigationAdvisor
[HKLM\Software\BearShare Mediabar]
O43 - CFD: 21/06/2008 - 11:33:16 ----D- C:\Program Files\NavigationAdvisor
O47 - AAKE:Key Export SP - "C:\Program Files\BitDownload\BitDownload.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) --
O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (@ieframe.dll,-12512) - https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}
P2 - FPN:Firefox Plugin Navigator . (.Pando Networks - Pando Web Installer.) -- C:\Program Files\Mozilla Firefox\Plugins\npPandoWebInst.dll
O2 - BHO: (no name) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} Clé orpheline
O2 - BHO: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} Clé orpheline
O8 - Extra context menu item: Add to Windows &Live Favorites - (.not file.) - http:\\favorites.live.com\quickadd.aspx
Puis Lance ZHPFix depuis le raccourci du bureau .
* Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .
* Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .
Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.
Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".
Copie/Colle le rapport à l'écran dans ton prochain message
le rapport se trouve dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport