Hello,
Here is the Ad-Remover report:
======= RAPPORT D'AD-REMOVER 2.0.0.1,F | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par C_XX le 16/09/10 à 13:30
Contact: AdRemover.contact[AT]gmail.com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 19:35:01 le 04/10/2010, Mode normal
Microsoft Windows XP Édition familiale Service Pack 3 (X86)
Propriétaire@HERARD-IRPRU7SE ( )
============== ACTION(S) ==============
0,Fichier supprimé: C:\Documents and Settings\Propriétaire\Application Data\Mozilla\FireFox\Profiles\ruqebjwq.default\searchplugins\askcom.xml
0,Dossier supprimé: C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Adparatus
0,Dossier supprimé: C:\Program Files\Adparatus
(!) -- Fichiers temporaires supprimés.
-- Fichier ouvert: C:\Documents and Settings\Propriétaire\Application Data\Mozilla\FireFox\Profiles\ruqebjwq.default\Prefs.js --
Ligne supprimée: user_pref("browser.search.defaultengine", "Ask.com");
Ligne supprimée: user_pref("browser.search.defaultenginename", "Ask.com");
Ligne supprimée: user_pref("browser.search.order.1", "Ask.com");
-- Fichier Fermé --
1,Clé supprimée: HKLM\Software\Classes\CLSID\{8B2C7C9D-716D-4e9e-9358-B9C80A81B7ED}
1,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B2C7C9D-716D-4e9e-9358-B9C80A81B7ED}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8B2C7C9D-716D-4e9e-9358-B9C80A81B7ED}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B2C7C9D-716D-4e9e-9358-B9C80A81B7ED}
1,Clé supprimée: HKLM\Software\Classes\TypeLib\{A4BCA928-B566-49C6-AEF1-50BF8673F5CF}
3,Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE775156-BB0F-4DC3-A0BC-9B2E64D7D7B6}
0,Clé supprimée: HKLM\Software\MarketPrecision
0,Clé supprimée: HKCU\Software\IEBarProperties
0,Clé supprimée: HKCU\Software\MarketPrecision
0,Clé supprimée: HKCU\Software\AppDataLow\Software\MarketPrecision
3,Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
3,Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FA88B875-5B2B-417C-BC45-1169FAF2BFB6}
3,Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{FA88B875-5B2B-417C-BC45-1169FAF2BFB6}
0,Clé supprimée: HKLM\Software\Microsoft\ESENT\Process\Adparatus
0,Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|AdParatus
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [3.0.19 (fr)] **
-- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\FireFox\Profiles\ruqebjwq.default\Prefs.js --
browser.download.lastDir, C:\\Documents and Settings\\Propriétaire\\Bureau\\Elise
browser.search.selectedEngine, Google
browser.startup.homepage, hxxp://google.fr/
browser.startup.homepage_override.mstone, rv:1.9.0.19
========================================
** Internet Explorer Version [8.0.6001.18702] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 1
[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 1
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 14 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 04/10/2010 (2596 Octet(s))
Fin à: 19:37:12, 04/10/2010
============== E.O.F ==============
And here is the one from Malwarebytes' Anti-Malware:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4741
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
04/10/2010 20:43:31
mbam-log-2010-10-04 (20-43-31).txt
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 188695
Temps écoulé: 49 minute(s), 8 seconde(s)
Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 16
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 17
Processus mémoire infecté(s):
C:\Documents and Settings\All Users\Application Data\QuestBrowser\questbrowser117.exe (Adware.QuestBrowser) -> Unloaded process successfully.
C:\Program Files\QuestBrowser\questbrowser.exe (Adware.QuestBrowser) -> Unloaded process successfully.
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Windows\jnipmo.exe (Trojan.Downloader) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\Program Files\QuestBrowser\questbrowser.dll (Adware.Agent.Gen) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{d0b60438-57e7-44de-8f8e-6c3bf305d430} (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{51278f1a-3e63-493d-beec-819603a153ee} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{51278f1a-3e63-493d-beec-819603a153ee} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51278f1a-3e63-493d-beec-819603a153ee} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{51278f1a-3e63-493d-beec-819603a153ee} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{51278f1b-3e63-493d-beec-819603a153ee} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{51278f1b-3e63-493d-beec-819603a153ee} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51278f1b-3e63-493d-beec-819603a153ee} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51278f1b-3e63-493d-beec-819603a153ee} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\questbrowser (Adware.QuestBrowser) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\GabPath (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adparatus (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestBrowser (Adware.QuestBrowser) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTBROWSER_SERVICE (Adware.QuestBrowser) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestBrowser Service (Adware.QuestBrowser) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee775157-bb0f-4dc3-a0bc-9b2e64d7d7b6} (Trojan.BHO) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{51278f1a-3e63-493d-beec-819603a153ee} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{51278f1a-3e63-493d-beec-819603a153ee} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfkg6wipusp (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\gabpath (Adware.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\QuestBrowser (Adware.QuestBrowser) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6} (Adware.QuestBrowser) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\chrome (Adware.QuestBrowser) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\defaults (Adware.QuestBrowser) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\defaults\preferences (Adware.QuestBrowser) -> Quarantined and deleted successfully.
C:\Program Files\QuestBrowser (Adware.QuestBrowser) -> Delete on reboot.
C:\Documents and Settings\Propriétaire\Local Settings\Temp\AdparatusTemp (Adware.Adparatus) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\QuestBrowser\questbrowser.dll (Adware.Agent.Gen) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\QuestBrowser\questbrowser117.exe (Adware.QuestBrowser) -> Quarantined and deleted successfully.
C:\Program Files\QuestBrowser\questbrowser.exe (Adware.QuestBrowser) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\gpff.dll (Adware.Agent) -> Delete on reboot.
C:\System Volume Information\_restore{281ED877-A8E0-4C64-93BD-4F18E62CB81A}\RP509\A0054303.exe (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{281ED877-A8E0-4C64-93BD-4F18E62CB81A}\RP510\A0055073.dll (Adware.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{281ED877-A8E0-4C64-93BD-4F18E62CB81A}\RP510\A0055074.exe (Adware.QuestBrowser) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\c378.dll (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\chrome.manifest (Adware.QuestBrowser) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\install.rdf (Adware.QuestBrowser) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\chrome\questbrowser.jar (Adware.QuestBrowser) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\defaults\preferences\prefs.js (Adware.QuestBrowser) -> Quarantined and deleted successfully.
C:\Program Files\QuestBrowser\uninstall.exe (Adware.QuestBrowser) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Temp\AdparatusTemp\DUH4B1.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Temp\AdparatusTemp\DUH4B2.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Windows\jnipmo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Streaming Music - MediaPass.lnk (Adware.Trace) -> Quarantined and deleted successfully.
I'll give you the link again in another reply, so as not to overload this post, which is already long enough as it is.