redirection ur mon PC

redirection ur mon PC - Virus/Spywares - Windows & Software

Marsh Posté le 26-07-2011 à 22:56:48    

Bonjour, je suis nouvelle dans le forum, c'est ma première participation, j'ai le même problème que plusieurs de redirection sur mon pc, dans les modules de recherche, je suis très intranquille, je ne veux pas perdre tout mon info et mes logicielles sur mon ordi.... je ne sais pas quoi faire!!!  
 
 mes reports sont les suivants:  
 
____________________________________________________________  
 
 
Malwarebytes' Anti-Malware 1.51.0.1200  
www.malwarebytes.org  
 
Versión de la Base de Datos: 7028  
 
Windows 5.1.2600 Service Pack 3  
Internet Explorer 8.0.6001.18702  
 
06/07/2011 11:58:25 p.m.  
mbam-log-2011-07-06 (23-58-25).txt  
 
Tipos de Análisis: Análisis Completo (C:\|F:\|)  
Objetos examinados: 443459  
Tiempo transcurrido: 3 hora(s), 43 minuto(s), 44 segundo(s)  
 
Procesos en Memoria Infectados: 2  
Módulos de Memoria Infectados: 1  
Claves del Registro Infectadas: 39  
Valores del Registro Infectados: 2  
Elementos de Datos del Registro Infectados: 0  
Carpetas Infectadas: 1  
Archivos Infectados: 11  
 
Procesos en Memoria Infectados:  
c:\documents and settings\all users\datos de programa\questscan\questscan147.exe (Adware.Agent.ZGen) -> 1312 -> Unloaded process successfully.  
c:\archivos de programa\questscan\questscan.exe (Adware.Agent.ZGen) -> 3112 -> Unloaded process successfully.  
 
Módulos de Memoria Infectados:  
c:\archivos de programa\questscan\questscan.dll (Adware.Agent.ZGen) -> Delete on reboot.  
 
Claves del Registro Infectadas:  
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestScan Service (Adware.Agent.ZGen) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\CLSID\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\ShoppingReport2.IEButton.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\ShoppingReport2.IEButton (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\CLSID\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\TypeLib\{6F098504-CDB1-420F-A2E6-DDC0B835FEDF} (Adware.Hotbar) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.Hotbar) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\HBLiteAX.Info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\HBLiteAX.Info (Adware.Hotbar) -> Quarantined and deleted successfully.  
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\CLSID\{4E674574-3F0B-491d-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles (Adware.Hotbar) -> Quarantined and deleted successfully.  
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491D-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\ShoppingReport2.HbAx.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\ShoppingReport2.HbAx (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.  
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.  
HKEY_LOCAL_MACHINE\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.  
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTSCAN_SERVICE (Adware.QuestScan) -> Quarantined and deleted successfully.  
 
Valores del Registro Infectados:  
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan\DisplayName (Adware.QuestScan) -> Value: DisplayName -> Quarantined and deleted successfully.  
HKEY_LOCAL_MACHINE\SOFTWARE\QuestScan\DllPath (Adware.QuestScan) -> Value: DllPath -> Quarantined and deleted successfully.  
 
Elementos de Datos del Registro Infectados:  
(No se han detectado elementos maliciosos)  
 
Carpetas Infectadas:  
c:\documents and settings\A\datos de programa\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.  
 
Archivos Infectados:  
c:\archivos de programa\questscan\questscan.dll (Adware.Agent.ZGen) -> Delete on reboot.  
c:\documents and settings\all users\datos de programa\questscan\questscan147.exe (Adware.Agent.ZGen) -> Quarantined and deleted successfully.  
c:\archivos de programa\questscan\questscan.exe (Adware.Agent.ZGen) -> Quarantined and deleted successfully.  
c:\archivos de programa\shoppingreport2\Bin\2.7.37\shoppingreport.dll (Adware.ShoppingReport2) -> Quarantined and deleted successfully.  
c:\archivos de programa\HBLite\bin\11.0.384.0\hblitesaax.dll (Adware.Hotbar) -> Quarantined and deleted successfully.  
c:\system volume information\_restore{6221a8cf-9bff-4140-9151-de4b430eb617}\RP215\A0095391.dll (Adware.Agent.ZGen) -> Quarantined and deleted successfully.  
c:\system volume information\_restore{6221a8cf-9bff-4140-9151-de4b430eb617}\RP215\A0095392.exe (Adware.Agent.ZGen) -> Quarantined and deleted successfully.  
c:\system volume information\_restore{6221a8cf-9bff-4140-9151-de4b430eb617}\RP215\A0095434.dll (Adware.Hotbar) -> Quarantined and deleted successfully.  
c:\system volume information\_restore{6221a8cf-9bff-4140-9151-de4b430eb617}\RP215\A0095439.dll (Adware.Hotbar) -> Quarantined and deleted successfully.  
c:\system volume information\_restore{6221a8cf-9bff-4140-9151-de4b430eb617}\RP215\A0095441.exe (Adware.Hotbar) -> Quarantined and deleted successfully.  
c:\system volume information\_restore{6221a8cf-9bff-4140-9151-de4b430eb617}\RP215\A0095442.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.  
 
 
__________________________________________________  
 
SUPERAntiSpyware Scan Log  
http://www.superantispyware.com  
 
Generated 07/05/2011 at 07:52 PM  
 
Application Version : 4.54.1000  
 
Core Rules Database Version : 7351  
Trace Rules Database Version: 5163  
 
Scan type       : Complete Scan  
Total Scan Time : 01:24:47  
 
Memory items scanned      : 562  
Memory threats detected   : 0  
Registry items scanned    : 9452  
Registry threats detected : 5  
File items scanned        : 31548  
File threats detected     : 0  
 
Adware.MyWebSearch/FunWebProducts  
 HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}  
 HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid  
 HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32  
 HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib  
 HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version  
 
______________________________________  
 
 
======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======  
 
Updated by TeamXscript on 12/04/11  
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com  
website: http://www.teamxscript.org  
 
C:\Archivos de programa\Ad-Remover\main.exe (SCAN [3]) -> Launched at 00:26:11 on 14/07/2011, Normal boot  
 
Microsoft Windows XP Home Edition Service Pack 3 (X86)  
A@DISEÑO ( )  
   
============== SEARCH ==============  
 
 
Folder found: C:\Documents and Settings\All Users\Datos de programa\PopCap Games  
Folder found: C:\Documents and Settings\All Users\Menú Inicio\Programas\PopCap Games  
Folder found: C:\Archivos de programa\PopCap Games  
 
Key found: HKLM\Software\PopCap  
Key found: HKCU\Software\PopCap  
 
 
============== ADDITIONNAL SCAN ==============  
 
-- C:\Documents and Settings\A\Datos de programa\Mozilla\FireFox\Profiles\v8u6orf8.default --  
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)  
Prefs.js - browser.search.defaultenginename, Google  
Prefs.js - browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=  
Prefs.js - browser.search.selectedEngine, Google  
Prefs.js - browser.startup.homepage, hxxp://qc.yahoo.com/  
Prefs.js - browser.startup.homepage_override.mstone, rv:1.8.1  
 
========================================  
 
**** Google Chrome Version [12.0.742.112] ****  
 
 
-- C:\Documents and Settings\A\Configuración local\Datos de programa\Google\Chrome\User Data\Default --  
Preferences - default_search_provider: "Google" (Enabled: true) (?)  
Preferences - homepage: hxxp://www.google.com  
Preferences - homepage_is_newtabpage: false  
Plugin - RealJukebox NS Plugin (Enabled: true) (C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll)  
Plugin - "RealJukebox NS Plugin" (Enabled: true)  
 
========================================  
 
**** Internet Explorer Version [8.0.6001.18702] ****  
 
HKCU_Main|SearchMigratedDefaultURL - hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8  
HKCU_Main|Search bar - hxxp://www.google.com/ie  
HKCU_Main|Search Page - hxxp://www.google.com  
HKCU_Main|Start Page - hxxp://www.google.com/  
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157  
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896  
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896  
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157  
HKCU_SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C} - "QuestScan" (hxxp://www.questscan.com/?prt=QstscanPB&keywords={searchTerms})  
HKCU_Toolbar\ShellBrowser|{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} (x)  
HKCU_Toolbar\WebBrowser|{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} (x)  
HKCU_Toolbar\WebBrowser|{47833539-D0C5-4125-9FA8-0819E2EAAC93} (x)  
HKCU_Toolbar\WebBrowser|{A057A204-BACC-4D26-9990-79A187E2698E} (x)  
HKLM_Toolbar|{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} (C:\Archivos de programa\Adobe\/Adobe Contribute CS3/contributeieplugin.dll)  
HKLM_ElevationPolicy\{08FF730A-494F-4cba-AA0B-E4F1D44715F9} - C:\Archivos de programa\Norton 360\Engine\5.0.0.125\symerr.exe (x)  
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)  
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)  
BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)  
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)  
BHO\{5CA3D70E-1895-11CF-8E15-001234567890} - "DriveLetterAccess" (C:\WINDOWS\System32\DLA\DLASHX_W.DLL)  
BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Windows Live Aplicación auxiliar de inicio de sesión" (C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)  
 
========================================  
 
C:\Archivos de programa\Ad-Remover\Quarantine: 0 File(s)  
C:\Archivos de programa\Ad-Remover\Backup: 2 File(s)  
 
C:\Ad-Report-SCAN[1].txt - 06/07/2011 13:14:12 (3966 Byte(s))  
C:\Ad-Report-SCAN[2].txt - 06/07/2011 20:13:20 (8313 Byte(s))  
C:\Ad-Report-SCAN[3].txt - 14/07/2011 00:26:36 (3692 Byte(s))  
 
End at: 00:29:31, 14/07/2011  
   
============== E.O.F ==============  
 
 
______________________________________________________  
 
J’ai aussi passe CCleaner, mais sans résultat, mon ordi continue a me rediriger, je ne peux rien faire et j'ai besoin de travailler, est-ce que qqn peut m'aider svp?
 

Reply

Marsh Posté le 26-07-2011 à 22:56:48   

Reply

Marsh Posté le 27-07-2011 à 13:31:39    

salut, passe un coup de TDSS-Killer
http://support.kaspersky.com/fr/faq/?qid=208280685
 
ça donne quoi après ça ?
 
Tu as quoi comme antivirus installé ?


---------------
Des trucs - flickr - Instagram
Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed