Protected search [Solved/Closed]

naninonu - 2 Dec. 2011 at 01:14 - Last reply: deejayxav - 29 Dec. 2011 at 23:20
Hello,
I have the same problem as the other people with Protected Search, which is eating up my home page

help me please lol

thanks for your replies

9 replies

Fish66 - 17433 posts - Registered Sunday 24 July 2011 - Status: Security contributor - Last activity 23 November 2017 - 2 Dec. 2011 at 13:51
Hi,

1/
Download AdwCleaner (thanks to Xplode)
Or ADWCleaner here
Run AdwCleaner
Click the [ Suppression ] (Delete) button
Wait...
Post the report that appears at the end of the scan.
It can also be found at C:\AdwCleaner[SX] (where X is a number)

2/
We are going to run a diagnostic of your PC:
* Download ZHPDiag to your desktop:

http://telechargement.zebulon.fr/zhpdiag.html
or:
http://www.premiumorange.com/zeb-help-process/zhpdiag.html

* Follow the prompts during installation, tick "Add an icon to the desktop" and untick the "Run ZHPDiag" box

/!\ Vista and Seven users: right-click the ZHPDiag logo and choose "Run as administrator"

* Click the magnifying-glass icon ("Run the diagnostic")
* Save the report to your Desktop using the floppy-disk icon
* Upload the ZHPDiag.txt report to one of the sites below, then copy/paste the link provided into your next reply on the forum: http://www.cijoint.fr/
If it is unavailable, you can try one of these links:
http://dl.free.fr
http://www.toofiles.com/fr/documents-upload.html
http://www.terafiles.net/
http://www.casimages.com
http://pjjoint.malekal.com/

* ZHPDiag tutorial:
http://www.premiumorange.com/zeb-help-process/zhpdiag.html

Hosting a report on cijoint.fr/

Go to this site: http://www.cijoint.fr/
Click Choose a file
Click "Click here to upload the file".
A link of this form: http://www.cijoint.fr/cjlink.php?file=cj44123/cijSKAP5fU.txt
is added to the page. Copy this link into your reply.
============================================
Help: >>> hosting HERE <<<

See you later
http://www.toofiles.com/fr/oip/documents/txt/6075_zhpdiag.html

I hope that is what I was supposed to do
thanks
here is the zhpdiag report

http://dl.free.fr/fdhZpH6Ul

Thanks for your help
Good evening,

Please help me clean my PC, which shows the same symptom as naninonu's.

1/ AdwCleaner report:

# AdwCleaner v1.403 - Rapport créé le 29/12/2011 à 22:57:21
# Mis à jour le 24/12/11 à 14h par Xplode
# Système d'exploitation : Windows Vista (TM) Ultimate Service Pack 1 (32 bits)
# Nom d'utilisateur : Xavier - PCSOUSVISTA (Administrateur)
# Exécuté depuis : C:\Users\Xavier\Downloads\adwcleaner.exe
# Option [Suppression]


***** [Services] *****

Arrêté & Supprimé : : Application Updater

***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\Users\Xavier\AppData\Roaming\Babylon
Dossier Supprimé : C:\Users\Xavier\AppData\Roaming\Complitly
Dossier Supprimé : C:\Users\Xavier\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
Dossier Supprimé : C:\Users\Xavier\AppData\Local\Babylon
Dossier Supprimé : C:\Users\Xavier\AppData\LocalLow\Search Settings
Dossier Supprimé : C:\Users\Xavier\AppData\LocalLow\pdfforge
Dossier Supprimé : C:\Users\Xavier\AppData\LocalLow\Toolbar4
Dossier Supprimé : C:\Program Files\Complitly
Dossier Supprimé : C:\Program Files\pdfforge Toolbar
Dossier Supprimé : C:\Program Files\Common Files\spigot
Dossier Supprimé : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Dossier Supprimé : C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\ztsbc9q5.default\extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}

***** [Registre] *****


***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.19019

Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://webplayersearch.com/ --> hxxp://www.google.fr
Remplacé : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://webplayersearch.com/ --> hxxp://www.google.fr

-\\ Mozilla Firefox v8.0 (fr)

Profil : ztsbc9q5.default
Fichier : C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\ztsbc9q5.default\prefs.js

C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\ztsbc9q5.default\user.js ... Supprimé !

Supprimée : user_pref("browser.startup.homepage", "hxxp://search.webplayer.tv");
Supprimée : user_pref("extensions.asktb.cbid", "N9");
Supprimée : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&[...]
Supprimée : user_pref("extensions.asktb.dtid", "YYYYYYYYFR");
Supprimée : user_pref("extensions.asktb.fresh-install", false);
Supprimée : user_pref("extensions.asktb.l", "dis");
Supprimée : user_pref("extensions.asktb.last-config-req", "1298014935279");
Supprimée : user_pref("extensions.asktb.locale", "fr_FR");
Supprimée : user_pref("extensions.asktb.nero.userName", "");
Supprimée : user_pref("extensions.asktb.o", "15418");
Supprimée : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Supprimée : user_pref("extensions.asktb.qsrc", "2871");
Supprimée : user_pref("extensions.asktb.r", "2");

*************************

AdwCleaner[S1].txt - [12330 octets] - [29/12/2011 22:57:21]

*************************

Dossier Temporaire : 86 dossier(s)et 1150 fichier(s) supprimés

########## EOF - C:\AdwCleaner[S1].txt - [12554 octets] ##########


2/ ZHPDiag report link:

http://dl.free.fr/jN1K6gwbD

Thanks for your valuable help
Fish66 - 17433 posts - Registered Sunday 24 July 2011 - Status: Security contributor - Last activity 23 November 2017 - 2 Dec. 2011 at 18:25
Re,

Oh, your PC is heavily infected, mostly with adware!!!

1/
Run ADWCleaner as I asked >>> HERE <<< in 1/ then post the report please

2/
* Download AD-Remover to your Desktop.
http://www.teamxscript.org/adremoverTelechargement.html

/!\ Close all running applications /!\

- Double-click the Ad-remover icon on your Desktop.
- For Vista/Seven: right-click and choose "Run as administrator"
- On the page, click the "Clean" button
- Confirm the start of the scan
- Let the tool work.
- Post the report that appears at the end.

(The report is also saved as C:\Ad-report(Scan/clean).Txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to p

3/
/!\ WARNING: this scan can take a few hours /!\

* Download MBAM and install it to the default location
http://www.malwarebytes.org/mwb-download.php
* Run Malwarebytes' Anti-Malware
* Update it
* Click the "Scan" tab
* Tick the "Perform full scan" option, then click the "Scan" button
* Choose to scan all your hard drives, then click "Start scan"

At the end of the scan, if MBAM found nothing:

* Click OK, the report opens automatically

If threats were detected:

* Click OK then "Show results"
* Check that all the lines are ticked
* Choose the "Remove selected" option
* If MBAM asks to restart Windows: click "Yes"
* The report opens automatically after the removal; it is also in the "Reports/Logs" tab

* Copy/paste the report into your next message


Note:
- If there is a problem updating mbam, you can do it manually by downloading this file and then running it.


See you later
naninonu - 2 posts - Registered Saturday 3 December 2011 - Last activity 3 December 2011 - 3 Dec. 2011 at 02:29
the mbam report

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 8292

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03/12/2011 02:12:21
mbam-log-2011-12-03 (02-12-21).txt

Type d'examen: Examen complet (C:\|E:\|)
Elément(s) analysé(s): 226253
Temps écoulé: 42 minute(s), 32 seconde(s)

Processus mémoire infecté(s): 5
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 109

Processus mémoire infecté(s):
c:\program files\questscan\questscan.exe (Adware.Agent.ZGen) -> 152 -> Unloaded process successfully.
c:\program files\questscan\questscan.exe (Adware.Agent.ZGen) -> 3328 -> Unloaded process successfully.
c:\WINDOWS\system32\config\systemprofile\local settings\application data\windows internet name service\wins.exe (Trojan.Sefnit) -> 3420 -> Unloaded process successfully.
c:\WINDOWS\system32\config\systemprofile\local settings\application data\windows internet name service\wins.exe (Trojan.Sefnit) -> 3336 -> Unloaded process successfully.
c:\program files\brightbreeze\bin\2.0.5.0\brightbreezesa.exe (Adware.HotBar.BB) -> 3892 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\program files\questscan\questscan.dll (Adware.Agent.ZGen) -> Delete on reboot.
c:\program files\brightbreeze\bin\2.0.5.0\brightbreezesahook.dll (Adware.HotBar.BB) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestScan Service (Adware.Agent.ZGen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Internet Name Service (Trojan.Sefnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\brightbreezesa (Adware.HotBar.BB) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\BrightBreeze (Adware.HotBar.BB) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrightBreezeSA (Adware.HotBar.BB) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTSCAN_SERVICE (Adware.QuestScan) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Chat-Landmessenger (Trojan.Hijacker) -> Value: Chat-Landmessenger -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BrightBreezeSA (Adware.HotBar.BB) -> Value: BrightBreezeSA -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan\DisplayName (Adware.QuestScan) -> Value: DisplayName -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestScan\DllPath (Adware.QuestScan) -> Value: DllPath -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Internet Name Service\ImagePath (Trojan.P2P) -> Value: ImagePath -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
c:\program files\brightbreeze\bin (Adware.HotBar.BB) -> Delete on reboot.
c:\program files\brightbreeze\bin\2.0.5.0 (Adware.HotBar.BB) -> Delete on reboot.
c:\documents and settings\all users\application data\brightbreezesa (Adware.HotBar.BB) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030405.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030406.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030407.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030408.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030409.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030410.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030411.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030413.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030414.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030415.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030416.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030418.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030419.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030420.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030421.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030422.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030423.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030424.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030425.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030426.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030434.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030395.SCR (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1980575-00f1-4c9c-a335-a696ad1a9f3c}\RP194\A0030412.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\WINDOWS\ie8\iexplore.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\program files\brightbreeze\bin\2.0.5.0\brightbreezesa.exe (Adware.HotBar.BB) -> Quarantined and deleted successfully.
c:\program files\brightbreeze\bin\2.0.5.0\brightbreezesahook.dll (Adware.HotBar.BB) -> Delete on reboot.
c:\program files\brightbreeze\bin\2.0.5.0\brightbreezeuninstaller.exe (Adware.HotBar.BB) -> Quarantined and deleted successfully.
c:\program files\brightbreeze\bin\2.0.5.0\copyright.txt (Adware.HotBar.BB) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\brightbreezesa\brightbreezesa.dat (Adware.HotBar.BB) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\brightbreezesa\brightbreezesaau.dat (Adware.HotBar.BB) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\brightbreezesa\brightbreezesa_kyf.dat (Adware.HotBar.BB) -> Quarantined and deleted successfully.
naninonu (2 posts, registered Saturday 3 December 2011, last active 3 December 2011) - 3 Dec. 2011 at 02:34
Hi again,

As for the reports, is this what you wanted?

Where does adware and that kind of thing come from, and what can I use to protect my PC? Preferably free.

In any case my home page is no longer Protected Search, so I suppose it worked, and I really thank you very much for your help.
Fish66 (17433 posts, registered Sunday 24 July 2011, status: Security contributor, last active 23 November 2017) - 3 Dec. 2011 at 06:31
Hello,

Your PC is still infected; please post the requested reports so we can clean it...

=======================

Some information about adware: http://www.malekal.com/2011/09/08/supprimer-les-popups-de-publicites-adware/

At the end of the disinfection we will install the Adblock Plus and WOT add-ons to secure your PC.

See you,

Fish66 (17433 posts, registered Sunday 24 July 2011, status: Security contributor, last active 23 November 2017) - 11 Dec. 2011 at 11:01
Hello,
1/
Please uninstall Spybot; it is of no use.

2/
* Download OTM (OldTimer) to your Desktop

HERE >> OTM (OldTimer)
* Double-click "OTMoveIt3.exe"
* Windows Vista / 7 users: right-click "OTMoveIt3.exe" and choose "Run as administrator" to launch it.

- Copy (Ctrl+C) the following text, shown in bold below:



:files
C:\Users\catherine\AppData\Roaming\Widestream
C:\Users\catherine\AppData\Local\widestream6 Air

:Reg
[-HKCU\Software\WideStream]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1a6dc111-b030-4c3e-be65-299284128b91}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}]

:commands
[emptytemp]




- Paste (Ctrl+V) the text you just copied into the box: Paste Instructions for Items to be Moved.
- Now click the MoveIt! button.
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
- Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log

3/
Copy all the text shown in bold below (select it with your mouse, right-click it and choose "Copy", or press Ctrl+C)


O43 - CFD: 16/11/2011 - 23:17:50 - [0,001] ----D- C:\Users\catherine\AppData\Roaming\widestream => Infection BT (Adware.SPointer)
O43 - CFD: 26/11/2011 - 14:12:56 - [0,200] ----D- C:\Users\catherine\AppData\Local\widestream6 Air => Infection BT (Adware.SPointer)
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[MD5.00000000000000000000000000000000] [APT] [OfferBoxUpdate] (...) -- C:\Program Files (x86)\OfferBox\OfferBox.exe (.not file.)
O43 - CFD: 26/11/2011 - 09:22:06 - [0] ----D- C:\Users\catherine\AppData\Local\{07733404-7FF6-4E93-9E68-7927AC177C83}
O43 - CFD: 27/11/2011 - 12:15:14 - [0] ----D- C:\Users\catherine\AppData\Local\{1360E589-B390-4375-9797-D90E16F98ACD}
O43 - CFD: 24/11/2011 - 18:39:40 - [0] ----D- C:\Users\catherine\AppData\Local\{1918BF5C-6E87-4372-AC84-FE0734D43FC3}
O43 - CFD: 25/11/2011 - 19:55:34 - [0] ----D- C:\Users\catherine\AppData\Local\{21B1316E-871E-4EDF-A3A6-8DF73BA783CD}
O43 - CFD: 25/11/2011 - 19:55:34 - [0] ----D- C:\Users\catherine\AppData\Local\{321A441C-2881-4973-8933-56AC47A10D65}
O43 - CFD: 25/11/2011 - 07:45:38 - [0] ----D- C:\Users\catherine\AppData\Local\{58FB44E7-4CDA-469D-A194-8922DC184ABF}
O43 - CFD: 28/11/2011 - 19:25:30 - [0] ----D- C:\Users\catherine\AppData\Local\{6C51D51E-1EE4-4E94-9B6F-AF342396B743}
O43 - CFD: 28/11/2011 - 00:16:10 - [0] ----D- C:\Users\catherine\AppData\Local\{775CCBBD-61CC-4A4F-8BF8-3F4517DA0DDF}
O43 - CFD: 25/11/2011 - 07:45:40 - [0] ----D- C:\Users\catherine\AppData\Local\{7A108A23-1E5A-4A32-B2D6-99851CD1B8CC}
O43 - CFD: 28/11/2011 - 00:16:00 - [0] ----D- C:\Users\catherine\AppData\Local\{7E188445-B813-4AF5-BD80-069FF8728153}
O43 - CFD: 24/11/2011 - 18:39:46 - [0] ----D- C:\Users\catherine\AppData\Local\{AED18E56-A5FA-4C34-A457-686A29E7F81E}
O43 - CFD: 26/11/2011 - 09:22:08 - [0] ----D- C:\Users\catherine\AppData\Local\{E120DDBE-8CCC-4ACB-8697-7F7194BA5499}
O43 - CFD: 27/11/2011 - 12:15:02 - [0] ----D- C:\Users\catherine\AppData\Local\{E92BE636-EE64-405A-A315-8C52AD623D22}

FirewallRAZ
EmptyTemp
EmptyFlash




Then launch ZHPFix from the desktop shortcut.

* Once the ZHPFix tool is open, click the [ H ] button ("paste the Helper lines").

* In the main box you will then see the lines you copied earlier appear.

Check that all the lines I asked you to copy (and only those) are in the window.

Click the GO button.

Copy/paste the report shown on screen into your next message.

See you,
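
A pre-run review of the OTM script posted above, as an added example (not part of the original post and not OTM's own code): it groups the script's lines by section and flags any file target outside the user's profile or any registry line outside HKCU. The section meanings and the reading of `[-KEY]` as a key deletion are assumptions based on the script shown; `parse_script` and `audit` are hypothetical helper names.

```python
import re

# Script text from the post above, embedded as a constant for the demo.
OTM_SCRIPT = r"""
:files
C:\Users\catherine\AppData\Roaming\Widestream
C:\Users\catherine\AppData\Local\widestream6 Air

:Reg
[-HKCU\Software\WideStream]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1a6dc111-b030-4c3e-be65-299284128b91}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}]

:commands
[emptytemp]
"""

def parse_script(text):
    """Group non-empty lines under their ':section' header (lower-cased)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"directive before any section: {line!r}")
        else:
            sections[current].append(line)
    return sections

def audit(sections, profile_root, allowed_hives=("HKCU",)):
    """Return warnings for targets outside the expected per-user scope."""
    warnings = []
    root = profile_root.rstrip("\\").lower() + "\\"
    for path in sections.get("files", []):
        # Flag '..' components and anything not under the user's profile.
        if ".." in path.split("\\") or not path.lower().startswith(root):
            warnings.append(f"file target outside profile: {path}")
    for entry in sections.get("reg", []):
        # Assumed line shape: [HIVE\key] or [-HIVE\key] (assumed deletion).
        m = re.fullmatch(r"\[(-?)([A-Za-z_]+)\\(.+)\]", entry)
        if not m:
            warnings.append(f"unrecognised registry line: {entry}")
        elif m.group(2).upper() not in allowed_hives:
            warnings.append(f"registry key outside allowed hives: {entry}")
    return warnings
```

Run `audit(parse_script(text), r"C:\Users\<account>")` on the text about to be pasted; an empty list means every target stays inside that user's profile and HKCU.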