Sujet Précédent Sujet Suivant

Virus

Lordgiovani Messages postés 134 Statut Membre -  
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,
j ai attraper un virus qui bloque tout mes programme ca ecrit malware protection" comment faire pour resoudre ca
merci

A voir également:

27 réponses

  • 1
  • 2
Réponse 1 / 27
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
 
yo

▶ Télécharge sur le bureau RogueKiller (par tigzy)

▶ ▶ (Sous Vista/Seven, clique droit, lancer en tant qu'administrateur )

▶ Quitte tous tes programmes en cours
▶ Lance RogueKiller.exe.
▶ Un scan se lance, puis tu verra d'indiqué dans la fenêtre
▶ ▶ 1. Scan (écrit en vert)
▶ ▶ 2. Delete (écrit en rouge)
▶ ▶ 3. Hosts RAZ (écrit en rouge)
▶ ▶ 4. Proxy RAZ (écrit en rouge)
▶ ▶ 5. DNS RAZ (écrit en rouge)
▶ ▶ 6. Raccourcis RAZ (écrit en rouge)
A ce moment tape 2 et valide
Note: s'il te demande de supprimer le proxy, tape 4
▶ Un rapport (RKreport1.txt) a du se créer à côté de l'exécutable, colle son contenu dans la réponse
▶ Si le programme a été bloqué, ne pas hésiter à essayer plusieurs fois ou a changer son nom en winlogon.exe

++
0
Lordgiovani Messages postés 134 Statut Membre
 
RogueKiller V4.3.3 par Tigzy
contact sur https://www.luanagames.com/index.fr.html
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html

Systeme d'exploitation: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur: cédric [Droits d'admin]
Mode: Suppression -- Date : 26/03/2011 00:15:49

Processus malicieux: 1
[APPDT/TMP/DESKTOP] defender.exe -- c:\users\cédric\appdata\roaming\defender.exe -> KILLED

Entrees de registre: 1
[APPDT/TMP/DESKTOP] HKCU\[...]\Run : Malware Protection (C:\Users\cédric\AppData\Roaming\defender.exe) -> DELETED

Fichier HOSTS:
127.0.0.1 localhost
::1 localhost


Termine : << RKreport[1].txt >>
RKreport[1].txt
0
Réponse 2 / 27
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
 
hello :)

parfait ;) la suite :

▶ Télécharge Malwarebytes' Anti-Malware et enregistre le sur ton bureau.

▶ ▶ Miroir 1 si inaccessible

▶ ▶ Miroir 2 si inaccessible

▶ ▶ /!\ Utilisateur de Vista et Windows 7 : Clique droit sur le logo de Malwarebytes' Anti-Malware, « exécuter en tant qu'Administrateur »

▶ Double clique sur le fichier téléchargé pour lancer le processus d'installation.
▶ Dans l'onglet "mise à jour", clique sur le bouton Recherche de mise à jour
▶ si le pare-feu demande l'autorisation de se connecter pour Malwarebytes, accepte
Une fois la mise à jour terminée
▶ rends-toi dans l'onglet Recherche
▶ Sélectionne Exécuter un examen complet
▶ Clique sur Rechercher
▶ ▶ Le scan démarre.
▶ A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
▶ Clique sur Ok pour poursuivre.
▶ Si des malwares ont été détectés, cliques sur Afficher les résultats
▶ Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection . Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
▶ Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse. Copie/colle le ici (ctrl+a pour tout sélectionner, ctrl+c pour copier, ctrl+v pour coller)

▶ ▶ Il se peut que MBAM ait besoin de redémarrer le pc pour finaliser la suppression, donc pas de panique, redémarre ton pc !!!
▶ Une fois le PC redémarré, rends toi dans l'onglet rapport/log
▶ Tu clique dessus pour l'afficher, une fois affiché
▶ Copie/colle le ici (ctrl+a pour tout sélectionner, ctrl+c pour copier, ctrl+v pour coller)

Si tu as besoin d'aide regarde ce tutoriel :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

▶ ▶ Si tu n'arrive pas à le mettre à jour, télécharge ce fichier

=======================================================

DÉSACTIVE TON ANTIVIRUS ET TON PARE-FEU SI PRÉSENTS !!!!! (car l'outil est détecté a tort comme infection contenant un module qui sert à arrêter des processus , et un autre servant à prendre des droits dans le registre pour effectuer des suppressions)

▶ Télécharge ici :List_Kill'em

et enregistre le sur ton bureau

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "exécuter en tant que...."

sur le raccourci sur ton bureau pour lancer l'installation

Laisse coché :

♦ Exécuter List_Kill'em

une fois terminée , clic sur "terminer"

lance-le via le raccourci apparu sur ton bureau comme précité au début

choisis l'option Search

▶ laisse travailler l'outil

à l'apparition de la fenêtre blanche , c'est un peu long , c'est normal ,c'est une recherche supplémentaire de fichiers cachés , le programme n'est pas bloqué.

▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'écran "COMPLETED"

▶▶▶ NE LE POSTE PAS SUR LE FORUM

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

▶ Clique sur Parcourir et cherche le fichier C:\List'em.txt

▶ Clique sur Ouvrir.

▶ Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt

est ajouté dans la page.

▶ Copie ce lien dans ta réponse.

▶ Fais de même avec more.txt qui se trouve sur ton bureau

@+
0
Réponse 3 / 27
Lordgiovani Messages postés 134 Statut Membre
 
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6173

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19019

26/03/2011 12:33:19
mbam-log-2011-03-26 (12-33-19).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 312457
Temps écoulé: 1 heure(s), 8 minute(s), 55 seconde(s)

Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 125
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 28
Fichier(s) infecté(s): 56

Processus mémoire infecté(s):
c:\programdata\questbrwsearch\questbrowse127.exe (Adware.QuestBrowse) -> 1280 -> Unloaded process successfully.
c:\program files\questbrwsearch\questbrwsearch.exe (Adware.QuestBrowse) -> 3160 -> Unloaded process successfully.
c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesa.exe (Adware.ClickPotato) -> 3408 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\program files\questbrwsearch\questbrwsearch.dll (Adware.Agent.Gen) -> Delete on reboot.
c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Delete on reboot.
c:\program files\shopperreports3\bin\3.0.517.0\shopperreports.dll (Adware.ShopperReports) -> Delete on reboot.
c:\program files\shopperreports3\bin\3.0.517.0\Pltfrm.dll (Adware.ShopperReports) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestBrowse Service (Adware.QuestBrowse) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100EB1FD-D03E-47fd-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E343EDFC-1E6C-4cb5-AA29-E9C922641C80} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09325003-167C-483d-A4BA-8B3122ABB432} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{F1A1892C-2A6C-4817-98B4-FF81443CBA20} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2721A8E5-BFDB-4562-9912-9E0531CA616C} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5FE0CEAE-CB69-40AF-A323-40F94257DACB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{65A16874-2ED0-460E-A547-5FE2EC3A13A7} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{396CFC12-932D-496b-A0A8-5D7201E105E1} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{573F4ABB-A1A2-44ED-9BA9-A8DAD40AAC46} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{60DA826C-B1C6-4358-BDEC-4837CED45470} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.KOPFF.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.KOPFF (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6DD76B7B-6423-4df0-9A07-84A6CAD973A0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{74C22317-5B90-471f-9AD2-FEC049870A16} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Scopes (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7F6CFB6A-9227-4bb8-B941-F2B067E76F51} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A16AD1E9-F69A-45af-9462-B1C286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AB0EE208-DF60-4fa7-A617-C4269760033E} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C1089F63-7AFC-4538-B0EB-BEA0F4225A57} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9CCBB35-D123-4a31-AFFC-9B2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{DEE758B4-C3FB-4a5b-9939-848B9C77A2FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E12AEAB6-7D12-4c07-8E36-5892EFB4DAFB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E2F2C137-A782-4fb5-81AF-086156F5EB0A} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F1D06C9F-51F0-4476-BEDE-5DDF91BE304E} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F3A32DF2-7413-4fb1-B575-1AC920A17B76} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ClickPotatoLiteSA (Adware.ClickPotato) -> Value: ClickPotatoLiteSA -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.489.0 (Adware.HotBar) -> Value: ShopperReports 3.0.489.0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E879027EB776545031AF90 (Malware.Trace) -> Value: SRS_IT_E879027EB776545031AF90 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.517.0 (Adware.HotBar) -> Value: ShopperReports 3.0.517.0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790776B4765B503FAA99 (Malware.Trace) -> Value: SRS_IT_E8790776B4765B503FAA99 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Users\cédric\AppData\Roaming\shopperreports3 (Adware.ShopperReports) -> Delete on reboot.
c:\program files\clickpotatolite (Adware.ClickPotato) -> Delete on reboot.
c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Delete on reboot.
c:\program files\clickpotatolite\bin\10.0.666.0 (Adware.ClickPotato) -> Delete on reboot.
c:\program files\clickpotatolite\bin\10.0.666.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.666.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.666.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\QuestDns (Adware.QuestDns) -> Quarantined and deleted successfully.
c:\program files\shopperreports3 (Adware.ShopperReports) -> Delete on reboot.
c:\program files\shopperreports3\bin (Adware.ShopperReports) -> Delete on reboot.
c:\program files\shopperreports3\bin\3.0.489.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.489.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0 (Adware.ShopperReports) -> Delete on reboot.
c:\program files\shopperreports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\questbrwsearch (Adware.QuestBrowse) -> Delete on reboot.
c:\programdata\questbrwsearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\programdata\questbrwsearch\questbrowse127.exe (Adware.QuestBrowse) -> Quarantined and deleted successfully.
c:\program files\questbrwsearch\questbrwsearch.dll (Adware.Agent.Gen) -> Delete on reboot.
c:\program files\questbrwsearch\questbrwsearch.exe (Adware.QuestBrowse) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesa.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Delete on reboot.
c:\program files\shopperreports3\bin\3.0.517.0\shopperreports.dll (Adware.ShopperReports) -> Delete on reboot.
c:\program files\shopperreports3\bin\3.0.517.0\Pltfrm.dll (Adware.ShopperReports) -> Delete on reboot.
c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\mozillaps.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\CmndFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesabho.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\cntntcntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\BRNstIE.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatoliteuninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.666.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\questbrwsearch\uninstall.exe (Adware.QuestBrowse) -> Quarantined and deleted successfully.
c:\program files\QuestDns\questdns.dll (Adware.Agent.Gen) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.489.0\BRNstIE.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.489.0\CmndFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.489.0\cntntcntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.489.0\mozillaps.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.489.0\Pltfrm.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.489.0\shopperreports.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.489.0\shopperreportsuninstaller.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\shopperreportsuninstaller.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\Temp\xvid-win32.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\cédric\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\C2OUT29Z\o4a1wset[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\Users\cédric\AppData\Roaming\defender.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\cédric\Desktop\rk_quarantine\defender.exe.vir (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.666.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\QuestDns\uninstall.exe (Adware.QuestDns) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.489.0\launchhelp.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.489.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\launchhelp.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\customer support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
0
Réponse 4 / 27
Lordgiovani Messages postés 134 Statut Membre
 
http://www.cijoint.fr/cjlink.php?file=cj201103/cij7kgAXJ6.txt
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 27
Lordgiovani Messages postés 134 Statut Membre
 
http://www.cijoint.fr/cjlink.php?file=cj201103/cijUBg1iII.txt
0
Réponse 6 / 27
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
 
Parfait la suite:

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "exécuter en tant que...."

▶ Relance List_Kill'em,avec le raccourci sur ton bureau.

mais cette fois-ci :

▶ choisis l'Option Suppression

▶▶▶ Ne clique qu'une seule fois sur le bouton !!

laisse travailler l'outil.

en fin de scan la fenêtre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

▶ colle le contenu dans ta réponse
=========================================================
Télécharge de AD-Remover sur ton Bureau. (Merci à C_XX)

http://www.teamxscript.org/adremoverTelechargement.html ( Lien officiel )
OU
https://www.androidworld.fr/ ( Miroir )

/!\ Ferme toutes applications en cours /!\

▶ Double-clique sur l'icône Ad-remover située sur ton Bureau.
▶ Sur la page, clique sur le bouton « Nettoyer »
▶ Confirme lancement du scan
▶ Laisse travailler l'outil.
▶ Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-Report-CLEAN[1].txt)

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

=======================================================

▶ Télécharge et installe ZHPDiag. Ne le lance pas maintenant (décoche le carré "Lancer ZHPDiag")

▶ Copie tout le texte présent dans la balise code ci-dessous ( tu le sélectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C ) 

 FirewallRAZ
EmptyTemp
EmptyFlash


▶ Puis Lance ZHPFix depuis le raccourci du bureau .

▶ Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .

▶ Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .

▶ Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.

▶ Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".

▶ Copie/Colle le rapport à l'écran dans ton prochain message

▶ (le rapport se trouve aussi dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport.txt)

▶ Redémarre ton ordinateur, fais une analyse avec ZHPDiag comme expliqué::

/!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPDiag, « exécuter en tant qu'Administrateur »

▶ Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
▶ Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
▶ Héberge le rapport ZHPDiag.txt sur un des sites ci dessous, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum :
http://pjjoint.malekal.com/

▶ Tuto zhpdiag :
http://www.premiumorange.com/zeb-help-process/zhpdiag.html

Hébergement de rapport sur pjjoint.malekal.com

▶ Rends toi sur pjjoint.malekal.com
▶ Clique sur le bouton Parcourir
▶ Sélectionne le fichier que tu veux heberger et clique sur Ouvrir
▶ Clique sur le bouton Envoyer
▶ Un message de confirmation s'affiche (L'upload a réussi ! - Le lien à transmettre à vos correspondant pour visualiser le fichier est : https://pjjoint.malekal.com/files.php?id=df5ea299241015 Copie le lien dans ta prochaine réponse.

@+
0
Réponse 7 / 27
lordgiovani
 
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.6 ¤¤¤¤¤¤¤¤¤¤

User : cédric (Administrateurs)
Update on 20/03/2011 by g3n-h@ckm@n ::::: 19.40
Start at: 23:16:58 | 26/03/2011

Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.19019

WebSite : Soon
Thx to MPuissanceIV for the icon
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 207,5 Go (74,77 Go free) [BOOT] | NTFS
D:\ -> Disque fixe local | 25,37 Go (13,85 Go free) [RECOVER] | FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque amovible

Killed : PID 3544 'iexplore.exe'
Killed : PID 3600 'iexplore.exe'
Killed : PID 5172 'Msnmsgr.exe'
Killed : PID 4044 'explorer.exe'

¤¤¤¤¤¤¤¤¤¤ Fichiers | Dossiers

Mis en quarantaine : C:\Users\c'dric\AppData\Local\d3d8caps.dat
Mis en quarantaine : C:\Users\c'dric\AppData\Local\d3d9caps.dat
Mis en quarantaine : C:\Users\c'dric\AppData\Local\GDIPFONTCACHEV1.DAT
Mis en quarantaine : C:\ProgramData\Trymedia

¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤

C:\Windows\System32\Drivers\etc\hosts
127.0.0.1 localhost

¤¤¤¤¤¤¤¤¤¤ Registre ¤¤¤¤¤¤¤¤¤¤

Suppression : HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Suppression : HKCR\interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Suppression : HKCR\interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Suppression : HKCR\Typelib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}

¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = http://www.google.com/
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

¤¤¤¤¤¤¤¤¤¤ Centre de securite ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤

Ndisuio -> Start = 3
EapHost -> Start = 2
Wlansvc -> Start = 2
SharedAccess -> Start = 2
windefend -> Start = 2
wuauserv -> Start = 2
wscsvc -> Start = 2

¤¤¤¤¤¤¤¤¤¤ Winlogon

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
Shell = explorer.exe
Userinit = C:\Windows\System32\userinit.exe,
VMapplet = rundll32 shell32,Control_RunDLL sysdm.cpl
System =
PowerdownAfterShutdown = 1

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

TDSS | svchost | Internet Explorer:
====================================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6001 Disk: WDC_WD25 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x822C5FEF] -> \Device\Harddisk0\DR0[0x86D11AC8]
3 CLASSPNP[0x8ABCF745] -> ntkrnlpa!IofCallDriver[0x822C5FEF] -> \Device\Ide\IAAStorageDevice-0[0x85739028]
kernel: MBR read successfully
user & kernel MBR OK

Fin du Nettoyage : 23:17:49

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Réponse 8 / 27
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
 
génial pour kill'em :)

j'attends:

-AD-R
-ZHPFix
-ZHPDiag

:-)
0
Réponse 9 / 27
Lordgiovani Messages postés 134 Statut Membre
 
RogueKiller V4.3.3 par Tigzy
contact sur https://www.luanagames.com/index.fr.html
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html

Systeme d'exploitation: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur: cédric [Droits d'admin]
Mode: Suppression -- Date : 26/03/2011 00:15:49

Processus malicieux: 1
[APPDT/TMP/DESKTOP] defender.exe -- c:\users\cédric\appdata\roaming\defender.exe -> KILLED

Entrees de registre: 1
[APPDT/TMP/DESKTOP] HKCU\[...]\Run : Malware Protection (C:\Users\cédric\AppData\Roaming\defender.exe) -> DELETED

Fichier HOSTS:
127.0.0.1 localhost
::1 localhost

Termine : << RKreport[1].txt >>
RKreport[1].txt
0
Réponse 10 / 27
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
 
j ai déjà eu ce rapport, j attends donc ad-remover, zhpfix, et zhpdiag. (zhpdiag a héberger il ne serait pas complet ici)
0
Réponse 11 / 27
Lordgiovani Messages postés 134 Statut Membre
 
Rapport de ZHPFix 1.12.3264 par Nicolas Coolman, Update du 25/03/2011
Fichier d'export Registre : C:\ZHPExportRegistry-27-03-2011-0-14-17.txt
Run by cédric at 27/03/2011 0:14:17
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr

========== Valeur(s) du Registre ==========
FirewallRaz : Aucune valeur présente dans la clé de registre "Standard Profile"
FirewallRaz : Aucune valeur présente dans la clé de registre "Domain Profile"
FirewallRaz (None) : {D2786228-0285-4F6B-841E-BB61DFC8B49D} => Valeur supprimée avec succès

========== Dossier(s) ==========
Dossiers Flash Cookies supprimés : 981

========== Fichier(s) ==========
Fichiers Flash Cookies supprimés : 508

========== Récapitulatif ==========
3 : Valeur(s) du Registre
1 : Dossier(s)
1 : Fichier(s)

End of the scan
0
Réponse 12 / 27
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
 
vu

==> rapport C:\Ad-Report-CLEAN[1].txt stp.
==> rapport ZHPDiag.txt sur pjjoint stp
0
Réponse 13 / 27
Lordgiovani Messages postés 134 Statut Membre
 
======= RAPPORT D'AD-REMOVER 2.0.0.2,F | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 01/03/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 00:00:38 le 27/03/2011, Mode normal

Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 1 (X86)
cédric@PC-DE-CÉDRIC (MEDION WIM2210)

============== ACTION(S) ==============

Dossier supprimé: C:\Users\cédric\AppData\Local\Conduit
Dossier supprimé: C:\Users\cédric\AppData\LocalLow\Conduit
Dossier supprimé: C:\Program Files\Conduit
Dossier supprimé: C:\Users\cédric\AppData\LocalLow\ConduitEngine
Dossier supprimé: C:\Program Files\ConduitEngine
Dossier supprimé: C:\Users\cédric\AppData\LocalLow\PriceGong
Dossier supprimé: C:\Users\cédric\AppData\LocalLow\ShopperReports3

(!) -- Fichiers temporaires supprimés.

Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Classes\CLSID\{E426B8C2-E9FD-4A51-A477-3EB961CF8A47}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E426B8C2-E9FD-4A51-A477-3EB961CF8A47}
Clé supprimée: HKLM\Software\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}
Clé supprimée: HKLM\Software\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}
Clé supprimée: HKLM\Software\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Clé supprimée: HKLM\Software\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}
Clé supprimée: HKLM\Software\Classes\Interface\{83B2FE06-BA20-4F7D-96C6-6FC3A4E877D3}
Clé supprimée: HKLM\Software\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2}
Clé supprimée: HKLM\Software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
Clé supprimée: HKLM\Software\Classes\Interface\{B32966A2-F7C2-4362-A6CF-399EC8B44110}
Clé supprimée: HKLM\Software\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Clé supprimée: HKLM\Software\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}
Clé supprimée: HKLM\Software\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
Clé supprimée: HKLM\Software\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}
Clé supprimée: HKLM\Software\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A}
Clé supprimée: HKLM\Software\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D}
Clé supprimée: HKLM\Software\Classes\Conduit.Engine
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2905348
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\conduitEngine
Clé supprimée: HKLM\Software\Trymedia Systems
Clé supprimée: HKCU\Software\AppDataLow\Toolbar
Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
Clé supprimée: HKCU\Software\AppDataLow\Software\conduitEngine
Clé supprimée: HKCU\Software\AppDataLow\Software\PriceGong
Clé supprimée: HKCU\Software\AppDataLow\Software\ShopperReports3
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8EF3A61-B7F2-4E29-B0F1-498906EB0312}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ClickpotatoliteSA
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopperReportsSA
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}

============== SCAN ADDITIONNEL ==============

**** Internet Explorer Version [8.0.6001.19019] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{EEE6C35D-6118-11DC-9C72-001320C79847} - "SweetIM ToolbarURLSearchHook Class" (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll)
HKCU_URLSearchHooks|{dc4a8395-7bea-47fb-89cb-34aef53c19b2} - "Messenger Plus BE Toolbar" (C:\Program Files\Messenger_Plus_BE\prxtbMess.dll)
HKLM_URLSearchHooks|{dc4a8395-7bea-47fb-89cb-34aef53c19b2} - "Messenger Plus BE Toolbar" (C:\Program Files\Messenger_Plus_BE\prxtbMess.dll)
HKCU_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKCU_Toolbar\WebBrowser|{DC4A8395-7BEA-47FB-89CB-34AEF53C19B2} (C:\Program Files\Messenger_Plus_BE\prxtbMess.dll)
HKLM_Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKLM_Toolbar|{dc4a8395-7bea-47fb-89cb-34aef53c19b2} (C:\Program Files\Messenger_Plus_BE\prxtbMess.dll)
HKLM_ElevationPolicy\{2E77C428-1CB4-4081-AE2A-C4416D8A3828} - C:\Program Files\Messenger_Plus_BE\Messenger_Plus_BEToolbarHelper.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{DF713F92-04D9-439F-ADE1-4BDFC720566F} - C:\Users\cédric\AppData\Local\Conduit\CT2905348\Messenger_Plus_BEAutoUpdateHelper.exe (x)
HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (SweetIM Technologies Ltd.)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{dc4a8395-7bea-47fb-89cb-34aef53c19b2} - "Messenger Plus BE Toolbar" (C:\Program Files\Messenger_Plus_BE\prxtbMess.dll)
BHO\{EEE6C35C-6118-11DC-9C72-001320C79847} - "SweetIM Toolbar Helper" (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 127 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 27/03/2011 00:00:53 (7058 Octet(s))

Fin à: 00:01:54, 27/03/2011

============== E.O.F ==============
0
Réponse 14 / 27
Lordgiovani Messages postés 134 Statut Membre
 
https://pjjoint.malekal.com/files.php?id=e136ae59db10146
0
Réponse 15 / 27
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
 
bien

▶ Copie tout le texte présent dans la balise code ci-dessous ( tu le sélectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C ) 

 O42 - Logiciel: Messenger Plus BE Toolbar - (.Messenger Plus BE.) [HKLM] -- Messenger_Plus_BE Toolbar
[HKCU\Software\0548437A37720294CDFB50EEF75CCE0D]
[HKCU\Software\AppDataLow\Software\Messenger_Plus_BE]
[HKLM\Software\Messenger_Plus_BE]
O43 - CFD: 26/03/2011 - 22:57:42 - [4555168] ----D- C:\Program Files\Messenger_Plus_BE
[MD5.CE7E0A3C1E5091A069F34B3ECB955DB7] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe   [111928] 
O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe   
G0 - GCSP: Preference [User Data\Default][HomePage] http://home.sweetim.com
G0 - GCSP: Preference [User Data\Default][HomePage] http://home.sweetim.com
O23 - Service:  (ASWLSVC) - Clé orpheline
[MD5.00000000000000000000000000000000] [APT] [{0973E4B9-03FA-48AA-911C-CFC79BFDD41E}] (.Pas de propriétaire.) -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe (.not file.)
R3 - URLSearchHook: Messenger Plus BE Toolbar - {dc4a8395-7bea-47fb-89cb-34aef53c19b2} . (.Conduit Ltd. - Conduit Toolbar.) (6.3.2.0) -- C:\Program Files\Messenger_Plus_BE\prxtbMess.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar Helper Module.) (4, 0, 0, 4) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: Messenger Plus BE Toolbar - {dc4a8395-7bea-47fb-89cb-34aef53c19b2} . (.Conduit Ltd. - Conduit Toolbar.) (6.3.2.0) -- C:\Program Files\Messenger_Plus_BE\prxtbMess.dll
O2 - BHO: Messenger Plus BE - {dc4a8395-7bea-47fb-89cb-34aef53c19b2} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Messenger_Plus_BE\prxtbMess.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Messenger Plus BE Toolbar - {dc4a8395-7bea-47fb-89cb-34aef53c19b2} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Messenger_Plus_BE\prxtbMess.dll
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.0 - (.SweetIM Technologies Ltd..) [HKLM] -- {BF67F764-95B6-4360-BB57-B2E5AA6C814B}   
[HKCU\Software\SweetIM]     
[HKLM\Software\SweetIM]    
O43 - CFD: 14/03/2011 - 17:38:18 - [8620750] ----D- C:\Program Files\SweetIM    
O43 - CFD: 14/03/2011 - 17:38:12 - [308650] ----D- C:\ProgramData\SweetIM   
[HKCR\sweetie.ietoolbar]
[HKCR\sweetie.ietoolbar.1]
[HKCR\sweetim_urlsearchhook.toolbarurlsearchhook]
[HKCR\sweetim_urlsearchhook.toolbarurlsearchhook.1]
[HKLM\Software\Classes\sweetie.ietoolbar]
[HKLM\Software\Classes\sweetie.ietoolbar.1]
[HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook]
[HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1]
[HKLM\Software\Classes\Toolbar3.sweetie]
[HKLM\Software\Classes\Toolbar3.sweetie.1]
[HKLM\Software\Microsoft\Windows\CurrentVersion\app paths\sweetim.exe]


▶ Puis Lance ZHPFix depuis le raccourci du bureau .

▶ Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .

▶ Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .

▶ Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.

▶ Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".

▶ Copie/Colle le rapport à l'écran dans ton prochain message

▶ (le rapport se trouve aussi dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport.txt)

▶ Redémarre ton ordinateur, refais une analyse avec ZHPDiag et héberge son rapport
0
Réponse 16 / 27
Lordgiovani Messages postés 134 Statut Membre
 
Rapport de ZHPFix 1.12.3264 par Nicolas Coolman, Update du 25/03/2011
Fichier d'export Registre :
Run by cédric at 27/03/2011 12:36:02
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr

========== Clé(s) du Registre ==========
O42 - Logiciel: Messenger Plus BE Toolbar - (.Messenger Plus BE.) [HKLM] -- Messenger_Plus_BE Toolbar => Désinstallation logicielle annulée par l'utilisateur ou désinstallation partielle!
HKCU\Software\0548437A37720294CDFB50EEF75CCE0D => Clé supprimée avec succès
HKCU\Software\AppDataLow\Software\Messenger_Plus_BE => Clé supprimée avec succès
HKLM\Software\Messenger_Plus_BE => Clé supprimée avec succès
O23 - Service: (ASWLSVC) - Clé orpheline => Clé absente
O2 - BHO: Messenger Plus BE - {dc4a8395-7bea-47fb-89cb-34aef53c19b2} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Messenger_Plus_BE\prxtbMess.dll => Clé absente
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll => Clé absente
HKCR\sweetie.ietoolbar => Clé supprimée avec succès
HKCR\sweetie.ietoolbar.1 => Clé supprimée avec succès
HKCR\sweetim_urlsearchhook.toolbarurlsearchhook => Clé supprimée avec succès
HKCR\sweetim_urlsearchhook.toolbarurlsearchhook.1 => Clé supprimée avec succès
HKLM\Software\Classes\sweetie.ietoolbar => Clé absente
HKLM\Software\Classes\sweetie.ietoolbar.1 => Clé absente
HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook => Clé absente
HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1 => Clé absente
HKLM\Software\Classes\Toolbar3.sweetie => Clé supprimée avec succès
HKLM\Software\Classes\Toolbar3.sweetie.1 => Clé supprimée avec succès
HKLM\Software\Microsoft\Windows\CurrentVersion\app paths\sweetim.exe => Clé supprimée avec succès

========== Valeur(s) du Registre ==========
O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe => Valeur supprimée avec succès
R3 - URLSearchHook: Messenger Plus BE Toolbar - {dc4a8395-7bea-47fb-89cb-34aef53c19b2} . (.Conduit Ltd. - Conduit Toolbar.) (6.3.2.0) -- C:\Program Files\Messenger_Plus_BE\prxtbMess.dll => Valeur supprimée avec succès
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar Helper Module.) (4, 0, 0, 4) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll => Valeur supprimée avec succès
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll => Valeur supprimée avec succès
O3 - Toolbar: Messenger Plus BE Toolbar - {dc4a8395-7bea-47fb-89cb-34aef53c19b2} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Messenger_Plus_BE\prxtbMess.dll => Valeur supprimée avec succès

========== Préférences navigateur ==========
G0 - GCSP: Preference [User Data\Default][HomePage] https://home.sweetim.com/ => Valeur supprimée avec succès
G0 - GCSP: Preference [User Data\Default][HomePage] https://home.sweetim.com/ => Valeur supprimée avec succès

========== Dossier(s) ==========
C:\Program Files\Messenger_Plus_BE => Fichier supprimé au reboot
C:\Program Files\SweetIM => Fichier supprimé au reboot
C:\ProgramData\SweetIM => Fichier supprimé au reboot

========== Fichier(s) ==========
c:\program files\sweetim\messenger\sweetim.exe => Supprimé et mis en quarantaine
c:\program files\messenger_plus_be\prxtbmess.dll => Supprimé et mis en quarantaine
c:\program files\sweetim\toolbars\internet explorer\mghelper.dll => Supprimé et mis en quarantaine
c:\program files\sweetim\toolbars\internet explorer\mgtoolbarie.dll => Supprimé et mis en quarantaine

========== Logiciel(s) ==========
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.0 - (.SweetIM Technologies Ltd..) [HKLM] -- {BF67F764-95B6-4360-BB57-B2E5AA6C814B} => Logiciel déjà supprimé

========== Tache planifiée ==========
Task : {0973E4B9-03FA-48AA-911C-CFC79BFDD41E} => Tâche supprimée avec succès

========== Autre ==========
[MD5.CE7E0A3C1E5091A069F34B3ECB955DB7] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe [111928] => Format Non supporté

========== Récapitulatif ==========
18 : Clé(s) du Registre
5 : Valeur(s) du Registre
3 : Dossier(s)
4 : Fichier(s)
1 : Logiciel(s)
2 : Préférences navigateur
1 : Tache planifiée
1 : Autre

End of the scan
0
Réponse 17 / 27
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
 
parfait.

redémarre ton ordi refais moi une analyse avec zhpdiag. Héberge son rapport comme d'hab.

Ensuite lance ton antivirus, un scan complet, tiens moi au jus ;)
0
Réponse 18 / 27
Lordgiovani Messages postés 134 Statut Membre
 
https://pjjoint.malekal.com/files.php?id=9a54a3b6915912
0
Réponse 19 / 27
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
 
▶ Copie tout le texte présent dans la balise code ci-dessous ( tu le sélectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C ) 

 O2 - BHO: Messenger Plus BE - {dc4a8395-7bea-47fb-89cb-34aef53c19b2} . (...) -- C:\Program Files\Messenger_Plus_BE\prxtbMess.dll (.not file.)    
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} . (...) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (.not file.)    
O23 - Service:  (ASWLSVC) - Clé orpheline 
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.0 - (.SweetIM Technologies Ltd..) [HKLM] -- {BF67F764-95B6-4360-BB57-B2E5AA6C814B}  
[HKCU\Software\AppDataLow\Software\toolbar]   
[HKCU\Software\SweetIM]     
[HKLM\Software\SweetIM]   
O43 - CFD: 14/03/2011 - 18:38:18 - [6885158] ----D- C:\Program Files\SweetIM     
O43 - CFD: 14/03/2011 - 18:38:12 - [308651] ----D- C:\ProgramData\SweetIM


▶ Puis Lance ZHPFix depuis le raccourci du bureau .

▶ Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .

▶ Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .

▶ Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.

▶ Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".

▶ Copie/Colle le rapport à l'écran dans ton prochain message

▶ (le rapport se trouve aussi dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport.txt)

=========================================================

Mets à jour vista: Vista SP2
0
Réponse 20 / 27
Lordgiovani Messages postés 134 Statut Membre
 
Rapport de ZHPFix 1.12.3264 par Nicolas Coolman, Update du 25/03/2011
Fichier d'export Registre : C:\ZHPExportRegistry-27-03-2011-19-51-38.txt
Run by cédric at 27/03/2011 19:51:34
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr

========== Clé(s) du Registre ==========
O2 - BHO: Messenger Plus BE - {dc4a8395-7bea-47fb-89cb-34aef53c19b2} . (...) -- C:\Program Files\Messenger_Plus_BE\prxtbMess.dll (.not file.) => Clé absente
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} . (...) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (.not file.) => Clé absente
O23 - Service: (ASWLSVC) - Clé orpheline => Clé absente

========== Dossier(s) ==========
C:\Program Files\SweetIM => Fichier supprimé au reboot
C:\ProgramData\SweetIM => Fichier supprimé au reboot

========== Fichier(s) ==========
c:\program files\messenger_plus_be\prxtbmess.dll => Supprimé et mis en quarantaine
c:\program files\sweetim\toolbars\internet explorer\mgtoolbarie.dll => Fichier absent

========== Logiciel(s) ==========
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.0 - (.SweetIM Technologies Ltd..) [HKLM] -- {BF67F764-95B6-4360-BB57-B2E5AA6C814B} => Logiciel déjà supprimé

========== Récapitulatif ==========
3 : Clé(s) du Registre
2 : Dossier(s)
2 : Fichier(s)
1 : Logiciel(s)
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses
a quoi sert softonic ?
durup1928 -
jacklyn -

25 réponses