redirection ur mon PC - Virus/Spywares - Windows & Software
Marsh Posté le 27-07-2011 à 13:31:39
salut, passe un coup de TDSS-Killer
http://support.kaspersky.com/fr/faq/?qid=208280685
ça donne quoi après ça ?
Tu as quoi comme antivirus installé ?
Marsh Posté le 26-07-2011 à 22:56:48
Bonjour, je suis nouvelle dans le forum, c'est ma première participation, j'ai le même problème que plusieurs de redirection sur mon pc, dans les modules de recherche, je suis très intranquille, je ne veux pas perdre tout mon info et mes logicielles sur mon ordi.... je ne sais pas quoi faire!!!
mes reports sont les suivants:
____________________________________________________________
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Versión de la Base de Datos: 7028
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
06/07/2011 11:58:25 p.m.
mbam-log-2011-07-06 (23-58-25).txt
Tipos de Análisis: Análisis Completo (C:\|F:\|)
Objetos examinados: 443459
Tiempo transcurrido: 3 hora(s), 43 minuto(s), 44 segundo(s)
Procesos en Memoria Infectados: 2
Módulos de Memoria Infectados: 1
Claves del Registro Infectadas: 39
Valores del Registro Infectados: 2
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 1
Archivos Infectados: 11
Procesos en Memoria Infectados:
c:\documents and settings\all users\datos de programa\questscan\questscan147.exe (Adware.Agent.ZGen) -> 1312 -> Unloaded process successfully.
c:\archivos de programa\questscan\questscan.exe (Adware.Agent.ZGen) -> 3112 -> Unloaded process successfully.
Módulos de Memoria Infectados:
c:\archivos de programa\questscan\questscan.dll (Adware.Agent.ZGen) -> Delete on reboot.
Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestScan Service (Adware.Agent.ZGen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButton.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButton (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{6F098504-CDB1-420F-A2E6-DDC0B835FEDF} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAX.Info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAX.Info (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4E674574-3F0B-491d-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491D-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbAx.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbAx (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTSCAN_SERVICE (Adware.QuestScan) -> Quarantined and deleted successfully.
Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan\DisplayName (Adware.QuestScan) -> Value: DisplayName -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestScan\DllPath (Adware.QuestScan) -> Value: DllPath -> Quarantined and deleted successfully.
Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)
Carpetas Infectadas:
c:\documents and settings\A\datos de programa\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
Archivos Infectados:
c:\archivos de programa\questscan\questscan.dll (Adware.Agent.ZGen) -> Delete on reboot.
c:\documents and settings\all users\datos de programa\questscan\questscan147.exe (Adware.Agent.ZGen) -> Quarantined and deleted successfully.
c:\archivos de programa\questscan\questscan.exe (Adware.Agent.ZGen) -> Quarantined and deleted successfully.
c:\archivos de programa\shoppingreport2\Bin\2.7.37\shoppingreport.dll (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\archivos de programa\HBLite\bin\11.0.384.0\hblitesaax.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6221a8cf-9bff-4140-9151-de4b430eb617}\RP215\A0095391.dll (Adware.Agent.ZGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6221a8cf-9bff-4140-9151-de4b430eb617}\RP215\A0095392.exe (Adware.Agent.ZGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6221a8cf-9bff-4140-9151-de4b430eb617}\RP215\A0095434.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6221a8cf-9bff-4140-9151-de4b430eb617}\RP215\A0095439.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6221a8cf-9bff-4140-9151-de4b430eb617}\RP215\A0095441.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6221a8cf-9bff-4140-9151-de4b430eb617}\RP215\A0095442.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
__________________________________________________
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/05/2011 at 07:52 PM
Application Version : 4.54.1000
Core Rules Database Version : 7351
Trace Rules Database Version: 5163
Scan type : Complete Scan
Total Scan Time : 01:24:47
Memory items scanned : 562
Memory threats detected : 0
Registry items scanned : 9452
Registry threats detected : 5
File items scanned : 31548
File threats detected : 0
Adware.MyWebSearch/FunWebProducts
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
______________________________________
======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======
Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org
C:\Archivos de programa\Ad-Remover\main.exe (SCAN [3]) -> Launched at 00:26:11 on 14/07/2011, Normal boot
Microsoft Windows XP Home Edition Service Pack 3 (X86)
A@DISEÑO ( )
============== SEARCH ==============
Folder found: C:\Documents and Settings\All Users\Datos de programa\PopCap Games
Folder found: C:\Documents and Settings\All Users\Menú Inicio\Programas\PopCap Games
Folder found: C:\Archivos de programa\PopCap Games
Key found: HKLM\Software\PopCap
Key found: HKCU\Software\PopCap
============== ADDITIONNAL SCAN ==============
-- C:\Documents and Settings\A\Datos de programa\Mozilla\FireFox\Profiles\v8u6orf8.default --
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Prefs.js - browser.search.defaultenginename, Google
Prefs.js - browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage, hxxp://qc.yahoo.com/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.8.1
========================================
**** Google Chrome Version [12.0.742.112] ****
-- C:\Documents and Settings\A\Configuración local\Datos de programa\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Enabled: true) (?)
Preferences - homepage: hxxp://www.google.com
Preferences - homepage_is_newtabpage: false
Plugin - RealJukebox NS Plugin (Enabled: true) (C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll)
Plugin - "RealJukebox NS Plugin" (Enabled: true)
========================================
**** Internet Explorer Version [8.0.6001.18702] ****
HKCU_Main|SearchMigratedDefaultURL - hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU_Main|Search bar - hxxp://www.google.com/ie
HKCU_Main|Search Page - hxxp://www.google.com
HKCU_Main|Start Page - hxxp://www.google.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU_SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C} - "QuestScan" (hxxp://www.questscan.com/?prt=QstscanPB&keywords={searchTerms})
HKCU_Toolbar\ShellBrowser|{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} (x)
HKCU_Toolbar\WebBrowser|{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} (x)
HKCU_Toolbar\WebBrowser|{47833539-D0C5-4125-9FA8-0819E2EAAC93} (x)
HKCU_Toolbar\WebBrowser|{A057A204-BACC-4D26-9990-79A187E2698E} (x)
HKLM_Toolbar|{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} (C:\Archivos de programa\Adobe\/Adobe Contribute CS3/contributeieplugin.dll)
HKLM_ElevationPolicy\{08FF730A-494F-4cba-AA0B-E4F1D44715F9} - C:\Archivos de programa\Norton 360\Engine\5.0.0.125\symerr.exe (x)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{5CA3D70E-1895-11CF-8E15-001234567890} - "DriveLetterAccess" (C:\WINDOWS\System32\DLA\DLASHX_W.DLL)
BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Windows Live Aplicación auxiliar de inicio de sesión" (C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)
========================================
C:\Archivos de programa\Ad-Remover\Quarantine: 0 File(s)
C:\Archivos de programa\Ad-Remover\Backup: 2 File(s)
C:\Ad-Report-SCAN[1].txt - 06/07/2011 13:14:12 (3966 Byte(s))
C:\Ad-Report-SCAN[2].txt - 06/07/2011 20:13:20 (8313 Byte(s))
C:\Ad-Report-SCAN[3].txt - 14/07/2011 00:26:36 (3692 Byte(s))
End at: 00:29:31, 14/07/2011
============== E.O.F ==============
______________________________________________________
J’ai aussi passe CCleaner, mais sans résultat, mon ordi continue a me rediriger, je ne peux rien faire et j'ai besoin de travailler, est-ce que qqn peut m'aider svp?