Khankao

  1. Restore point purge done! I am very impressed by the speed, the clarity and the follow-up with which you answered me. Very sincerely, thank you, and happy holidays, Mister Apollo!
  2. So, the first DelFix report after the search, and the second report after removal. Are we good?
  3. There you go Apo, all the checks are done.
  4. The computer is running well. I'm starting the checks.
  5. Here is my new MBAM report (after a full scan):
  6. Oops, "Not selected for removal", I hadn't seen that. Here is the AdwCleaner report, Mr. Astronaut.
  7. Hello again, here is the MBAM report: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Version de la base de données: 8401 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 20/12/2011 11:08:20 mbam-log-2011-12-20 (11-08-20).txt Type d'examen: Examen rapide Elément(s) analysé(s): 215628 Temps écoulé: 3 minute(s), 1 seconde(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 1 Clé(s) du Registre infectée(s): 44 Valeur(s) du Registre infectée(s): 9 Elément(s) de données du Registre infecté(s): 11 Dossier(s) infecté(s): 20 Fichier(s) infecté(s): 31
  8. Perfect, I unchecked the box in question and was able to get the text file. Here is the link to my little secret garden >>>>>>>CJoint.com link 3LubTH7tZvK
  9. Thank you Mister Apollo for taking this on at lightning speed.. Unfortunately, a first snag. I followed your procedure, but at the end of the ZHPDiag scan (once it has completed) the system "freezes" and won't respond to anything.. She's a big one...
  10. Hello everyone, I have just discovered that my system was infected by a virus going by the name of FreeZeFrog. Knowing absolutely nothing about this frog, nor even the events that led to its incarceration, I am asking for your help in getting rid of it, if you can get past my dubious humour. Thanks in advance.