Virus

Lordgiovani Messages postés 134 Statut Membre -  
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,
j ai attraper un virus qui bloque tout mes programme ca ecrit malware protection" comment faire pour resoudre ca
merci

27 réponses

  • 1
  • 2
  1. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    yo

    ▶ Télécharge sur le bureau RogueKiller (par tigzy)

    ▶ ▶ (Sous Vista/Seven, clique droit, lancer en tant qu'administrateur )

    ▶ Quitte tous tes programmes en cours
    ▶ Lance RogueKiller.exe.
    ▶ Un scan se lance, puis tu verra d'indiqué dans la fenêtre
    ▶ ▶ 1. Scan (écrit en vert)
    ▶ ▶ 2. Delete (écrit en rouge)
    ▶ ▶ 3. Hosts RAZ (écrit en rouge)
    ▶ ▶ 4. Proxy RAZ (écrit en rouge)
    ▶ ▶ 5. DNS RAZ (écrit en rouge)
    ▶ ▶ 6. Raccourcis RAZ (écrit en rouge)
    A ce moment tape 2 et valide
    Note: s'il te demande de supprimer le proxy, tape 4
    ▶ Un rapport (RKreport1.txt) a du se créer à côté de l'exécutable, colle son contenu dans la réponse
    ▶ Si le programme a été bloqué, ne pas hésiter à essayer plusieurs fois ou a changer son nom en winlogon.exe

    ++
    0
    1. Lordgiovani Messages postés 134 Statut Membre
       
      RogueKiller V4.3.3 par Tigzy
      contact sur https://www.luanagames.com/index.fr.html
      mail: tigzyRK<at>gmail<dot>com
      Remontees: https://www.luanagames.com/index.fr.html

      Systeme d'exploitation: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
      Demarrage : Mode normal
      Utilisateur: cédric [Droits d'admin]
      Mode: Suppression -- Date : 26/03/2011 00:15:49

      Processus malicieux: 1
      [APPDT/TMP/DESKTOP] defender.exe -- c:\users\cédric\appdata\roaming\defender.exe -> KILLED

      Entrees de registre: 1
      [APPDT/TMP/DESKTOP] HKCU\[...]\Run : Malware Protection (C:\Users\cédric\AppData\Roaming\defender.exe) -> DELETED

      Fichier HOSTS:
      127.0.0.1 localhost
      ::1 localhost


      Termine : << RKreport[1].txt >>
      RKreport[1].txt
      0
  2. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    hello :)

    parfait ;) la suite :

    ▶ Télécharge Malwarebytes' Anti-Malware et enregistre le sur ton bureau.

    ▶ ▶ Miroir 1 si inaccessible

    ▶ ▶ Miroir 2 si inaccessible

    ▶ ▶ /!\ Utilisateur de Vista et Windows 7 : Clique droit sur le logo de Malwarebytes' Anti-Malware, « exécuter en tant qu'Administrateur »

    ▶ Double clique sur le fichier téléchargé pour lancer le processus d'installation.
    ▶ Dans l'onglet "mise à jour", clique sur le bouton Recherche de mise à jour
    ▶ si le pare-feu demande l'autorisation de se connecter pour Malwarebytes, accepte
    Une fois la mise à jour terminée
    ▶ rends-toi dans l'onglet Recherche
    ▶ Sélectionne Exécuter un examen complet
    ▶ Clique sur Rechercher
    ▶ ▶ Le scan démarre.
    ▶ A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    ▶ Clique sur Ok pour poursuivre.
    ▶ Si des malwares ont été détectés, cliques sur Afficher les résultats
    ▶ Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection . Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
    ▶ Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse. Copie/colle le ici (ctrl+a pour tout sélectionner, ctrl+c pour copier, ctrl+v pour coller)

    ▶ ▶ Il se peut que MBAM ait besoin de redémarrer le pc pour finaliser la suppression, donc pas de panique, redémarre ton pc !!!
    ▶ Une fois le PC redémarré, rends toi dans l'onglet rapport/log
    ▶ Tu clique dessus pour l'afficher, une fois affiché
    ▶ Copie/colle le ici (ctrl+a pour tout sélectionner, ctrl+c pour copier, ctrl+v pour coller)

    Si tu as besoin d'aide regarde ce tutoriel :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    ▶ ▶ Si tu n'arrive pas à le mettre à jour, télécharge ce fichier

    =======================================================

    DÉSACTIVE TON ANTIVIRUS ET TON PARE-FEU SI PRÉSENTS !!!!! (car l'outil est détecté a tort comme infection contenant un module qui sert à arrêter des processus , et un autre servant à prendre des droits dans le registre pour effectuer des suppressions)

    ▶ Télécharge ici :List_Kill'em

    et enregistre le sur ton bureau

    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "exécuter en tant que...."


    sur le raccourci sur ton bureau pour lancer l'installation

    Laisse coché :

    ♦ Exécuter List_Kill'em

    une fois terminée , clic sur "terminer"

    lance-le via le raccourci apparu sur ton bureau comme précité au début

    choisis l'option Search

    ▶ laisse travailler l'outil

    à l'apparition de la fenêtre blanche , c'est un peu long , c'est normal ,c'est une recherche supplémentaire de fichiers cachés , le programme n'est pas bloqué.

    ▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'écran "COMPLETED"

    ▶▶▶ NE LE POSTE PAS SUR LE FORUM

    Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

    ▶ Clique sur Parcourir et cherche le fichier C:\List'em.txt

    ▶ Clique sur Ouvrir.

    ▶ Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt

    est ajouté dans la page.

    ▶ Copie ce lien dans ta réponse.

    ▶ Fais de même avec more.txt qui se trouve sur ton bureau

    @+
    0
  3. Lordgiovani Messages postés 134 Statut Membre
     
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Version de la base de données: 6173

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.19019

    26/03/2011 12:33:19
    mbam-log-2011-03-26 (12-33-19).txt

    Type d'examen: Examen complet (C:\|D:\|)
    Elément(s) analysé(s): 312457
    Temps écoulé: 1 heure(s), 8 minute(s), 55 seconde(s)

    Processus mémoire infecté(s): 3
    Module(s) mémoire infecté(s): 4
    Clé(s) du Registre infectée(s): 125
    Valeur(s) du Registre infectée(s): 7
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 28
    Fichier(s) infecté(s): 56

    Processus mémoire infecté(s):
    c:\programdata\questbrwsearch\questbrowse127.exe (Adware.QuestBrowse) -> 1280 -> Unloaded process successfully.
    c:\program files\questbrwsearch\questbrwsearch.exe (Adware.QuestBrowse) -> 3160 -> Unloaded process successfully.
    c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesa.exe (Adware.ClickPotato) -> 3408 -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    c:\program files\questbrwsearch\questbrwsearch.dll (Adware.Agent.Gen) -> Delete on reboot.
    c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Delete on reboot.
    c:\program files\shopperreports3\bin\3.0.517.0\shopperreports.dll (Adware.ShopperReports) -> Delete on reboot.
    c:\program files\shopperreports3\bin\3.0.517.0\Pltfrm.dll (Adware.ShopperReports) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestBrowse Service (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{100EB1FD-D03E-47fd-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{E343EDFC-1E6C-4cb5-AA29-E9C922641C80} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{09325003-167C-483d-A4BA-8B3122ABB432} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{F1A1892C-2A6C-4817-98B4-FF81443CBA20} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.HbGuru (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2721A8E5-BFDB-4562-9912-9E0531CA616C} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{5FE0CEAE-CB69-40AF-A323-40F94257DACB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{65A16874-2ED0-460E-A547-5FE2EC3A13A7} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{396CFC12-932D-496b-A0A8-5D7201E105E1} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{573F4ABB-A1A2-44ED-9BA9-A8DAD40AAC46} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{60DA826C-B1C6-4358-BDEC-4837CED45470} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.KOPFF.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.KOPFF (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6DD76B7B-6423-4df0-9A07-84A6CAD973A0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Dwnldr (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{74C22317-5B90-471f-9AD2-FEC049870A16} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Scopes (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7F6CFB6A-9227-4bb8-B941-F2B067E76F51} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{A16AD1E9-F69A-45af-9462-B1C286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{AB0EE208-DF60-4fa7-A617-C4269760033E} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{C1089F63-7AFC-4538-B0EB-BEA0F4225A57} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{C9CCBB35-D123-4a31-AFFC-9B2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.CntntDic (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.CntntDisp (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{DEE758B4-C3FB-4a5b-9939-848B9C77A2FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{E12AEAB6-7D12-4c07-8E36-5892EFB4DAFB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{E2F2C137-A782-4fb5-81AF-086156F5EB0A} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{F1D06C9F-51F0-4476-BEDE-5DDF91BE304E} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.ReportData (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{F3A32DF2-7413-4fb1-B575-1AC920A17B76} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ClickPotatoLiteSA (Adware.ClickPotato) -> Value: ClickPotatoLiteSA -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.489.0 (Adware.HotBar) -> Value: ShopperReports 3.0.489.0 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E879027EB776545031AF90 (Malware.Trace) -> Value: SRS_IT_E879027EB776545031AF90 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.517.0 (Adware.HotBar) -> Value: ShopperReports 3.0.517.0 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790776B4765B503FAA99 (Malware.Trace) -> Value: SRS_IT_E8790776B4765B503FAA99 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\Users\cédric\AppData\Roaming\shopperreports3 (Adware.ShopperReports) -> Delete on reboot.
    c:\program files\clickpotatolite (Adware.ClickPotato) -> Delete on reboot.
    c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Delete on reboot.
    c:\program files\clickpotatolite\bin\10.0.666.0 (Adware.ClickPotato) -> Delete on reboot.
    c:\program files\clickpotatolite\bin\10.0.666.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.666.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.666.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\QuestDns (Adware.QuestDns) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3 (Adware.ShopperReports) -> Delete on reboot.
    c:\program files\shopperreports3\bin (Adware.ShopperReports) -> Delete on reboot.
    c:\program files\shopperreports3\bin\3.0.489.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.489.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0 (Adware.ShopperReports) -> Delete on reboot.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\shopperreports (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\questbrwsearch (Adware.QuestBrowse) -> Delete on reboot.
    c:\programdata\questbrwsearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    c:\programdata\questbrwsearch\questbrowse127.exe (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    c:\program files\questbrwsearch\questbrwsearch.dll (Adware.Agent.Gen) -> Delete on reboot.
    c:\program files\questbrwsearch\questbrwsearch.exe (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesa.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Delete on reboot.
    c:\program files\shopperreports3\bin\3.0.517.0\shopperreports.dll (Adware.ShopperReports) -> Delete on reboot.
    c:\program files\shopperreports3\bin\3.0.517.0\Pltfrm.dll (Adware.ShopperReports) -> Delete on reboot.
    c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\mozillaps.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\CmndFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesabho.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\cntntcntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\BRNstIE.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatoliteuninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.666.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\questbrwsearch\uninstall.exe (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    c:\program files\QuestDns\questdns.dll (Adware.Agent.Gen) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.489.0\BRNstIE.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.489.0\CmndFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.489.0\cntntcntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.489.0\mozillaps.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.489.0\Pltfrm.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.489.0\shopperreports.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.489.0\shopperreportsuninstaller.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\shopperreportsuninstaller.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\Temp\xvid-win32.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\Users\cédric\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\C2OUT29Z\o4a1wset[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
    c:\Users\cédric\AppData\Roaming\defender.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
    c:\Users\cédric\Desktop\rk_quarantine\defender.exe.vir (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.666.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\QuestDns\uninstall.exe (Adware.QuestDns) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.489.0\launchhelp.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.489.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\launchhelp.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\customer support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
    0
  4. Lordgiovani Messages postés 134 Statut Membre
     
    http://www.cijoint.fr/cjlink.php?file=cj201103/cij7kgAXJ6.txt
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Lordgiovani Messages postés 134 Statut Membre
     
    http://www.cijoint.fr/cjlink.php?file=cj201103/cijUBg1iII.txt
    0
  7. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Parfait la suite:

    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "exécuter en tant que...."


    ▶ Relance List_Kill'em,avec le raccourci sur ton bureau.

    mais cette fois-ci :

    ▶ choisis l'Option Suppression

    ▶▶▶ Ne clique qu'une seule fois sur le bouton !!

    laisse travailler l'outil.

    en fin de scan la fenêtre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

    ▶ colle le contenu dans ta réponse
    =========================================================
    Télécharge de AD-Remover sur ton Bureau. (Merci à C_XX)

    http://www.teamxscript.org/adremoverTelechargement.html ( Lien officiel )
    OU
    https://www.androidworld.fr/ ( Miroir )

    /!\ Ferme toutes applications en cours /!\

    ▶ Double-clique sur l'icône Ad-remover située sur ton Bureau.
    ▶ Sur la page, clique sur le bouton « Nettoyer »
    ▶ Confirme lancement du scan
    ▶ Laisse travailler l'outil.
    ▶ Poste le rapport qui apparaît à la fin.

    (Le rapport est sauvegardé aussi sous C:\Ad-Report-CLEAN[1].txt)

    (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

    =======================================================

    ▶ Télécharge et installe ZHPDiag. Ne le lance pas maintenant (décoche le carré "Lancer ZHPDiag")

    ▶ Copie tout le texte présent dans la balise code ci-dessous ( tu le sélectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )

     FirewallRAZ
    EmptyTemp
    EmptyFlash
    


    ▶ Puis Lance ZHPFix depuis le raccourci du bureau .

    ▶ Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .

    ▶ Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .

    ▶ Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.

    ▶ Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".

    ▶ Copie/Colle le rapport à l'écran dans ton prochain message

    ▶ (le rapport se trouve aussi dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport.txt)

    ▶ Redémarre ton ordinateur, fais une analyse avec ZHPDiag comme expliqué::

    /!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPDiag, « exécuter en tant qu'Administrateur »

    ▶ Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
    ▶ Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
    ▶ Héberge le rapport ZHPDiag.txt sur un des sites ci dessous, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum :
    http://pjjoint.malekal.com/

    ▶ Tuto zhpdiag :
    http://www.premiumorange.com/zeb-help-process/zhpdiag.html

    Hébergement de rapport sur pjjoint.malekal.com

    ▶ Rends toi sur pjjoint.malekal.com
    ▶ Clique sur le bouton Parcourir
    ▶ Sélectionne le fichier que tu veux heberger et clique sur Ouvrir
    ▶ Clique sur le bouton Envoyer
    ▶ Un message de confirmation s'affiche (L'upload a réussi ! - Le lien à transmettre à vos correspondant pour visualiser le fichier est : https://pjjoint.malekal.com/files.php?id=df5ea299241015 Copie le lien dans ta prochaine réponse.

    @+
    0
  8. lordgiovani
     
    ¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.6 ¤¤¤¤¤¤¤¤¤¤

    User : cédric (Administrateurs)
    Update on 20/03/2011 by g3n-h@ckm@n ::::: 19.40
    Start at: 23:16:58 | 26/03/2011

    Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
    Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
    Internet Explorer 8.0.6001.19019

    WebSite : Soon
    Thx to MPuissanceIV for the icon
    Windows Firewall Status : Enabled

    C:\ -> Disque fixe local | 207,5 Go (74,77 Go free) [BOOT] | NTFS
    D:\ -> Disque fixe local | 25,37 Go (13,85 Go free) [RECOVER] | FAT32
    E:\ -> Disque CD-ROM
    F:\ -> Disque amovible

    Killed : PID 3544 'iexplore.exe'
    Killed : PID 3600 'iexplore.exe'
    Killed : PID 5172 'Msnmsgr.exe'
    Killed : PID 4044 'explorer.exe'

    ¤¤¤¤¤¤¤¤¤¤ Fichiers | Dossiers

    Mis en quarantaine : C:\Users\c'dric\AppData\Local\d3d8caps.dat
    Mis en quarantaine : C:\Users\c'dric\AppData\Local\d3d9caps.dat
    Mis en quarantaine : C:\Users\c'dric\AppData\Local\GDIPFONTCACHEV1.DAT
    Mis en quarantaine : C:\ProgramData\Trymedia

    ¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤

    C:\Windows\System32\Drivers\etc\hosts
    127.0.0.1 localhost

    ¤¤¤¤¤¤¤¤¤¤ Registre ¤¤¤¤¤¤¤¤¤¤

    Suppression : HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
    Suppression : HKCR\interface\{A439801C-961D-452C-AB42-7848E9CBD289}
    Suppression : HKCR\interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
    Suppression : HKCR\Typelib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}

    ¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    Local Page = C:\WINDOWS\system32\blank.htm
    Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page = http://www.google.com/
    Local Page = C:\WINDOWS\system32\blank.htm
    Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    ¤¤¤¤¤¤¤¤¤¤ Centre de securite ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    cval = 1 (0x1)
    FirstRunDisabled = 1 (0x1)
    AntiVirusDisableNotify = 0 (0x0)
    FirewallDisableNotify = 0 (0x0)
    UpdatesDisableNotify = 0 (0x0)
    AntiVirusOverride = 0 (0x0)
    FirewallOverride = 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤

    Ndisuio -> Start = 3
    EapHost -> Start = 2
    Wlansvc -> Start = 2
    SharedAccess -> Start = 2
    windefend -> Start = 2
    wuauserv -> Start = 2
    wscsvc -> Start = 2

    ¤¤¤¤¤¤¤¤¤¤ Winlogon

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    AutoRestartShell = 1 (0x1)
    Shell = explorer.exe
    Userinit = C:\Windows\System32\userinit.exe,
    VMapplet = rundll32 shell32,Control_RunDLL sysdm.cpl
    System =
    PowerdownAfterShutdown = 1

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    Disk Cleaned
    Prefetch cleaned
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    TDSS | svchost | Internet Explorer:
    ====================================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6001 Disk: WDC_WD25 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
    1 ntkrnlpa!IofCallDriver[0x822C5FEF] -> \Device\Harddisk0\DR0[0x86D11AC8]
    3 CLASSPNP[0x8ABCF745] -> ntkrnlpa!IofCallDriver[0x822C5FEF] -> \Device\Ide\IAAStorageDevice-0[0x85739028]
    kernel: MBR read successfully
    user & kernel MBR OK

    Fin du Nettoyage : 23:17:49

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  9. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    génial pour kill'em :)

    j'attends:

    -AD-R
    -ZHPFix
    -ZHPDiag

    :-)
    0
  10. Lordgiovani Messages postés 134 Statut Membre
     
    RogueKiller V4.3.3 par Tigzy
    contact sur https://www.luanagames.com/index.fr.html
    mail: tigzyRK<at>gmail<dot>com
    Remontees: https://www.luanagames.com/index.fr.html

    Systeme d'exploitation: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
    Demarrage : Mode normal
    Utilisateur: cédric [Droits d'admin]
    Mode: Suppression -- Date : 26/03/2011 00:15:49

    Processus malicieux: 1
    [APPDT/TMP/DESKTOP] defender.exe -- c:\users\cédric\appdata\roaming\defender.exe -> KILLED

    Entrees de registre: 1
    [APPDT/TMP/DESKTOP] HKCU\[...]\Run : Malware Protection (C:\Users\cédric\AppData\Roaming\defender.exe) -> DELETED

    Fichier HOSTS:
    127.0.0.1 localhost
    ::1 localhost

    Termine : << RKreport[1].txt >>
    RKreport[1].txt
    0
  11. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    j ai déjà eu ce rapport, j attends donc ad-remover, zhpfix, et zhpdiag. (zhpdiag a héberger il ne serait pas complet ici)
    0
  12. Lordgiovani Messages postés 134 Statut Membre
     
    Rapport de ZHPFix 1.12.3264 par Nicolas Coolman, Update du 25/03/2011
    Fichier d'export Registre : C:\ZHPExportRegistry-27-03-2011-0-14-17.txt
    Run by cédric at 27/03/2011 0:14:17
    Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)
    Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
    Contact : nicolascoolman@yahoo.fr

    ========== Valeur(s) du Registre ==========
    FirewallRaz : Aucune valeur présente dans la clé de registre "Standard Profile"
    FirewallRaz : Aucune valeur présente dans la clé de registre "Domain Profile"
    FirewallRaz (None) : {D2786228-0285-4F6B-841E-BB61DFC8B49D} => Valeur supprimée avec succès

    ========== Dossier(s) ==========
    Dossiers Flash Cookies supprimés : 981

    ========== Fichier(s) ==========
    Fichiers Flash Cookies supprimés : 508

    ========== Récapitulatif ==========
    3 : Valeur(s) du Registre
    1 : Dossier(s)
    1 : Fichier(s)

    End of the scan
    0
  13. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    vu

    ==> rapport C:\Ad-Report-CLEAN[1].txt stp.
    ==> rapport ZHPDiag.txt sur pjjoint stp
    0
  14. Lordgiovani Messages postés 134 Statut Membre
     
    ======= RAPPORT D'AD-REMOVER 2.0.0.2,F | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 01/03/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 00:00:38 le 27/03/2011, Mode normal

    Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 1 (X86)
    cédric@PC-DE-CÉDRIC (MEDION WIM2210)

    ============== ACTION(S) ==============

    Dossier supprimé: C:\Users\cédric\AppData\Local\Conduit
    Dossier supprimé: C:\Users\cédric\AppData\LocalLow\Conduit
    Dossier supprimé: C:\Program Files\Conduit
    Dossier supprimé: C:\Users\cédric\AppData\LocalLow\ConduitEngine
    Dossier supprimé: C:\Program Files\ConduitEngine
    Dossier supprimé: C:\Users\cédric\AppData\LocalLow\PriceGong
    Dossier supprimé: C:\Users\cédric\AppData\LocalLow\ShopperReports3

    (!) -- Fichiers temporaires supprimés.

    Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKLM\Software\Classes\CLSID\{E426B8C2-E9FD-4A51-A477-3EB961CF8A47}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E426B8C2-E9FD-4A51-A477-3EB961CF8A47}
    Clé supprimée: HKLM\Software\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}
    Clé supprimée: HKLM\Software\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}
    Clé supprimée: HKLM\Software\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
    Clé supprimée: HKLM\Software\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}
    Clé supprimée: HKLM\Software\Classes\Interface\{83B2FE06-BA20-4F7D-96C6-6FC3A4E877D3}
    Clé supprimée: HKLM\Software\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2}
    Clé supprimée: HKLM\Software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
    Clé supprimée: HKLM\Software\Classes\Interface\{B32966A2-F7C2-4362-A6CF-399EC8B44110}
    Clé supprimée: HKLM\Software\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
    Clé supprimée: HKLM\Software\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}
    Clé supprimée: HKLM\Software\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
    Clé supprimée: HKLM\Software\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}
    Clé supprimée: HKLM\Software\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A}
    Clé supprimée: HKLM\Software\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D}
    Clé supprimée: HKLM\Software\Classes\Conduit.Engine
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2905348
    Clé supprimée: HKLM\Software\Conduit
    Clé supprimée: HKLM\Software\conduitEngine
    Clé supprimée: HKLM\Software\Trymedia Systems
    Clé supprimée: HKCU\Software\AppDataLow\Toolbar
    Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
    Clé supprimée: HKCU\Software\AppDataLow\Software\conduitEngine
    Clé supprimée: HKCU\Software\AppDataLow\Software\PriceGong
    Clé supprimée: HKCU\Software\AppDataLow\Software\ShopperReports3
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8EF3A61-B7F2-4E29-B0F1-498906EB0312}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ClickpotatoliteSA
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopperReportsSA
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

    Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}

    ============== SCAN ADDITIONNEL ==============

    **** Internet Explorer Version [8.0.6001.19019] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_URLSearchHooks|{EEE6C35D-6118-11DC-9C72-001320C79847} - "SweetIM ToolbarURLSearchHook Class" (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll)
    HKCU_URLSearchHooks|{dc4a8395-7bea-47fb-89cb-34aef53c19b2} - "Messenger Plus BE Toolbar" (C:\Program Files\Messenger_Plus_BE\prxtbMess.dll)
    HKLM_URLSearchHooks|{dc4a8395-7bea-47fb-89cb-34aef53c19b2} - "Messenger Plus BE Toolbar" (C:\Program Files\Messenger_Plus_BE\prxtbMess.dll)
    HKCU_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
    HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
    HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
    HKCU_Toolbar\WebBrowser|{DC4A8395-7BEA-47FB-89CB-34AEF53C19B2} (C:\Program Files\Messenger_Plus_BE\prxtbMess.dll)
    HKLM_Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
    HKLM_Toolbar|{dc4a8395-7bea-47fb-89cb-34aef53c19b2} (C:\Program Files\Messenger_Plus_BE\prxtbMess.dll)
    HKLM_ElevationPolicy\{2E77C428-1CB4-4081-AE2A-C4416D8A3828} - C:\Program Files\Messenger_Plus_BE\Messenger_Plus_BEToolbarHelper.exe (?)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
    HKLM_ElevationPolicy\{DF713F92-04D9-439F-ADE1-4BDFC720566F} - C:\Users\cédric\AppData\Local\Conduit\CT2905348\Messenger_Plus_BEAutoUpdateHelper.exe (x)
    HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (SweetIM Technologies Ltd.)
    BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
    BHO\{dc4a8395-7bea-47fb-89cb-34aef53c19b2} - "Messenger Plus BE Toolbar" (C:\Program Files\Messenger_Plus_BE\prxtbMess.dll)
    BHO\{EEE6C35C-6118-11DC-9C72-001320C79847} - "SweetIM Toolbar Helper" (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 127 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 27/03/2011 00:00:53 (7058 Octet(s))

    Fin à: 00:01:54, 27/03/2011

    ============== E.O.F ==============
    0
  15. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    bien

    ▶ Copie tout le texte présent dans la balise code ci-dessous ( tu le sélectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )

     O42 - Logiciel: Messenger Plus BE Toolbar - (.Messenger Plus BE.) [HKLM] -- Messenger_Plus_BE Toolbar
    [HKCU\Software\0548437A37720294CDFB50EEF75CCE0D]
    [HKCU\Software\AppDataLow\Software\Messenger_Plus_BE]
    [HKLM\Software\Messenger_Plus_BE]
    O43 - CFD: 26/03/2011 - 22:57:42 - [4555168] ----D- C:\Program Files\Messenger_Plus_BE
    [MD5.CE7E0A3C1E5091A069F34B3ECB955DB7] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe   [111928] 
    O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe   
    G0 - GCSP: Preference [User Data\Default][HomePage] http://home.sweetim.com
    G0 - GCSP: Preference [User Data\Default][HomePage] http://home.sweetim.com
    O23 - Service:  (ASWLSVC) - Clé orpheline
    [MD5.00000000000000000000000000000000] [APT] [{0973E4B9-03FA-48AA-911C-CFC79BFDD41E}] (.Pas de propriétaire.) -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe (.not file.)
    R3 - URLSearchHook: Messenger Plus BE Toolbar - {dc4a8395-7bea-47fb-89cb-34aef53c19b2} . (.Conduit Ltd. - Conduit Toolbar.) (6.3.2.0) -- C:\Program Files\Messenger_Plus_BE\prxtbMess.dll
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar Helper Module.) (4, 0, 0, 4) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    R3 - URLSearchHook: Messenger Plus BE Toolbar - {dc4a8395-7bea-47fb-89cb-34aef53c19b2} . (.Conduit Ltd. - Conduit Toolbar.) (6.3.2.0) -- C:\Program Files\Messenger_Plus_BE\prxtbMess.dll
    O2 - BHO: Messenger Plus BE - {dc4a8395-7bea-47fb-89cb-34aef53c19b2} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Messenger_Plus_BE\prxtbMess.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: Messenger Plus BE Toolbar - {dc4a8395-7bea-47fb-89cb-34aef53c19b2} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Messenger_Plus_BE\prxtbMess.dll
    O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.0 - (.SweetIM Technologies Ltd..) [HKLM] -- {BF67F764-95B6-4360-BB57-B2E5AA6C814B}   
    [HKCU\Software\SweetIM]     
    [HKLM\Software\SweetIM]    
    O43 - CFD: 14/03/2011 - 17:38:18 - [8620750] ----D- C:\Program Files\SweetIM    
    O43 - CFD: 14/03/2011 - 17:38:12 - [308650] ----D- C:\ProgramData\SweetIM   
    [HKCR\sweetie.ietoolbar]
    [HKCR\sweetie.ietoolbar.1]
    [HKCR\sweetim_urlsearchhook.toolbarurlsearchhook]
    [HKCR\sweetim_urlsearchhook.toolbarurlsearchhook.1]
    [HKLM\Software\Classes\sweetie.ietoolbar]
    [HKLM\Software\Classes\sweetie.ietoolbar.1]
    [HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook]
    [HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1]
    [HKLM\Software\Classes\Toolbar3.sweetie]
    [HKLM\Software\Classes\Toolbar3.sweetie.1]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\app paths\sweetim.exe]
    
    


    ▶ Puis Lance ZHPFix depuis le raccourci du bureau .

    ▶ Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .

    ▶ Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .

    ▶ Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.

    ▶ Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".

    ▶ Copie/Colle le rapport à l'écran dans ton prochain message

    ▶ (le rapport se trouve aussi dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport.txt)

    ▶ Redémarre ton ordinateur, refais une analyse avec ZHPDiag et héberge son rapport
    0
  16. Lordgiovani Messages postés 134 Statut Membre
     
    Rapport de ZHPFix 1.12.3264 par Nicolas Coolman, Update du 25/03/2011
    Fichier d'export Registre :
    Run by cédric at 27/03/2011 12:36:02
    Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)
    Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
    Contact : nicolascoolman@yahoo.fr

    ========== Clé(s) du Registre ==========
    O42 - Logiciel: Messenger Plus BE Toolbar - (.Messenger Plus BE.) [HKLM] -- Messenger_Plus_BE Toolbar => Désinstallation logicielle annulée par l'utilisateur ou désinstallation partielle!
    HKCU\Software\0548437A37720294CDFB50EEF75CCE0D => Clé supprimée avec succès
    HKCU\Software\AppDataLow\Software\Messenger_Plus_BE => Clé supprimée avec succès
    HKLM\Software\Messenger_Plus_BE => Clé supprimée avec succès
    O23 - Service: (ASWLSVC) - Clé orpheline => Clé absente
    O2 - BHO: Messenger Plus BE - {dc4a8395-7bea-47fb-89cb-34aef53c19b2} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Messenger_Plus_BE\prxtbMess.dll => Clé absente
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll => Clé absente
    HKCR\sweetie.ietoolbar => Clé supprimée avec succès
    HKCR\sweetie.ietoolbar.1 => Clé supprimée avec succès
    HKCR\sweetim_urlsearchhook.toolbarurlsearchhook => Clé supprimée avec succès
    HKCR\sweetim_urlsearchhook.toolbarurlsearchhook.1 => Clé supprimée avec succès
    HKLM\Software\Classes\sweetie.ietoolbar => Clé absente
    HKLM\Software\Classes\sweetie.ietoolbar.1 => Clé absente
    HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook => Clé absente
    HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1 => Clé absente
    HKLM\Software\Classes\Toolbar3.sweetie => Clé supprimée avec succès
    HKLM\Software\Classes\Toolbar3.sweetie.1 => Clé supprimée avec succès
    HKLM\Software\Microsoft\Windows\CurrentVersion\app paths\sweetim.exe => Clé supprimée avec succès

    ========== Valeur(s) du Registre ==========
    O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe => Valeur supprimée avec succès
    R3 - URLSearchHook: Messenger Plus BE Toolbar - {dc4a8395-7bea-47fb-89cb-34aef53c19b2} . (.Conduit Ltd. - Conduit Toolbar.) (6.3.2.0) -- C:\Program Files\Messenger_Plus_BE\prxtbMess.dll => Valeur supprimée avec succès
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar Helper Module.) (4, 0, 0, 4) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll => Valeur supprimée avec succès
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll => Valeur supprimée avec succès
    O3 - Toolbar: Messenger Plus BE Toolbar - {dc4a8395-7bea-47fb-89cb-34aef53c19b2} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Messenger_Plus_BE\prxtbMess.dll => Valeur supprimée avec succès

    ========== Préférences navigateur ==========
    G0 - GCSP: Preference [User Data\Default][HomePage] https://home.sweetim.com/ => Valeur supprimée avec succès
    G0 - GCSP: Preference [User Data\Default][HomePage] https://home.sweetim.com/ => Valeur supprimée avec succès

    ========== Dossier(s) ==========
    C:\Program Files\Messenger_Plus_BE => Fichier supprimé au reboot
    C:\Program Files\SweetIM => Fichier supprimé au reboot
    C:\ProgramData\SweetIM => Fichier supprimé au reboot

    ========== Fichier(s) ==========
    c:\program files\sweetim\messenger\sweetim.exe => Supprimé et mis en quarantaine
    c:\program files\messenger_plus_be\prxtbmess.dll => Supprimé et mis en quarantaine
    c:\program files\sweetim\toolbars\internet explorer\mghelper.dll => Supprimé et mis en quarantaine
    c:\program files\sweetim\toolbars\internet explorer\mgtoolbarie.dll => Supprimé et mis en quarantaine

    ========== Logiciel(s) ==========
    O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.0 - (.SweetIM Technologies Ltd..) [HKLM] -- {BF67F764-95B6-4360-BB57-B2E5AA6C814B} => Logiciel déjà supprimé

    ========== Tache planifiée ==========
    Task : {0973E4B9-03FA-48AA-911C-CFC79BFDD41E} => Tâche supprimée avec succès

    ========== Autre ==========
    [MD5.CE7E0A3C1E5091A069F34B3ECB955DB7] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe [111928] => Format Non supporté

    ========== Récapitulatif ==========
    18 : Clé(s) du Registre
    5 : Valeur(s) du Registre
    3 : Dossier(s)
    4 : Fichier(s)
    1 : Logiciel(s)
    2 : Préférences navigateur
    1 : Tache planifiée
    1 : Autre

    End of the scan
    0
  17. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    parfait.

    redémarre ton ordi refais moi une analyse avec zhpdiag. Héberge son rapport comme d'hab.

    Ensuite lance ton antivirus, un scan complet, tiens moi au jus ;)
    0
  18. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    ▶ Copie tout le texte présent dans la balise code ci-dessous ( tu le sélectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )

     O2 - BHO: Messenger Plus BE - {dc4a8395-7bea-47fb-89cb-34aef53c19b2} . (...) -- C:\Program Files\Messenger_Plus_BE\prxtbMess.dll (.not file.)    
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} . (...) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (.not file.)    
    O23 - Service:  (ASWLSVC) - Clé orpheline 
    O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.0 - (.SweetIM Technologies Ltd..) [HKLM] -- {BF67F764-95B6-4360-BB57-B2E5AA6C814B}  
    [HKCU\Software\AppDataLow\Software\toolbar]   
    [HKCU\Software\SweetIM]     
    [HKLM\Software\SweetIM]   
    O43 - CFD: 14/03/2011 - 18:38:18 - [6885158] ----D- C:\Program Files\SweetIM     
    O43 - CFD: 14/03/2011 - 18:38:12 - [308651] ----D- C:\ProgramData\SweetIM    
    
    
    
    


    ▶ Puis Lance ZHPFix depuis le raccourci du bureau .

    ▶ Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .

    ▶ Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .

    ▶ Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.

    ▶ Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".

    ▶ Copie/Colle le rapport à l'écran dans ton prochain message

    ▶ (le rapport se trouve aussi dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport.txt)

    =========================================================

    Mets à jour vista: Vista SP2
    0
  19. Lordgiovani Messages postés 134 Statut Membre
     
    Rapport de ZHPFix 1.12.3264 par Nicolas Coolman, Update du 25/03/2011
    Fichier d'export Registre : C:\ZHPExportRegistry-27-03-2011-19-51-38.txt
    Run by cédric at 27/03/2011 19:51:34
    Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)
    Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
    Contact : nicolascoolman@yahoo.fr

    ========== Clé(s) du Registre ==========
    O2 - BHO: Messenger Plus BE - {dc4a8395-7bea-47fb-89cb-34aef53c19b2} . (...) -- C:\Program Files\Messenger_Plus_BE\prxtbMess.dll (.not file.) => Clé absente
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} . (...) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (.not file.) => Clé absente
    O23 - Service: (ASWLSVC) - Clé orpheline => Clé absente

    ========== Dossier(s) ==========
    C:\Program Files\SweetIM => Fichier supprimé au reboot
    C:\ProgramData\SweetIM => Fichier supprimé au reboot

    ========== Fichier(s) ==========
    c:\program files\messenger_plus_be\prxtbmess.dll => Supprimé et mis en quarantaine
    c:\program files\sweetim\toolbars\internet explorer\mgtoolbarie.dll => Fichier absent

    ========== Logiciel(s) ==========
    O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.0 - (.SweetIM Technologies Ltd..) [HKLM] -- {BF67F764-95B6-4360-BB57-B2E5AA6C814B} => Logiciel déjà supprimé

    ========== Récapitulatif ==========
    3 : Clé(s) du Registre
    2 : Dossier(s)
    2 : Fichier(s)
    1 : Logiciel(s)
    0
  • 1
  • 2