Avast WEBforum
Non-English Zone => Francais => Topic started by: Muimui on September 30, 2013, 11:24:35 PM
-
Hello
For several days now, when I go to my usual sites (l'équipe, faceb00k...), pop-ups open and Avast blocks these pages, telling me:
Trojan horse blocked:
name of a web page: http://ahizz.movies-online.squrrel.com/npytsurveyNoTOV.html (or another)
threat: HTML/RedirME-inf[Trj]
I ran a scan: nothing was detected
Does this mean my computer is infected?
What should I do?
-
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
Secondary link (http://www.itxassociates.com/OT-Tools/OTL.exe)
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
(https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif)
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs
-
Hello
Thx for your answer
Here is the OTL report (I can't find the Extras?)
http://textup.fr/71870Pp
-
Let me know if this fixes it :)
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:Commands
[CREATERESTOREPOINT]
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0F0CyC0F0AyCyDtAyCyC0EzyyEtN0D0Tzu0CyDtCtCtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1R1F1F1I1H1B1Q&cr=1212408644&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=coolmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0F0CyC0F0AyCyDtAyCyC0EzyyEtN0D0Tzu0CyDtCtCtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1R1F1F1I1H1B1Q&cr=1212408644&ir=
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=coolmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0F0CyC0F0AyCyDtAyCyC0EzyyEtN0D0Tzu0CyDtCtCtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1R1F1F1I1H1B1Q&cr=1212408644&ir=
[2011/09/07 18:12:00 | 000,089,388 | ---- | M] () (No name found) -- C:\Users\Céline\AppData\Roaming\Mozilla\Firefox\Profiles\6rlf8bfb.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKU\S-1-5-21-1801811131-2594106703-2017142490-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1801811131-2594106703-2017142490-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll) - File not found
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
hello
this is the report
http://textup.fr/71911GT
thank you for your help (Can you explain to me what you did?)
-
start.mysearchdial.com: this was the problem. It was set as your main page in IE, along with the search. Have the alerts now ceased?
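Added example, not part of the original thread and not OTL's or the helper's own method: a small Python triage of OTL-style log lines that flags three of the entry kinds listed in the fix above (a Start Page or SearchScopes URL on an unexpected host, an add-on with "No CLSID value found", and an AppInit_DLLs entry whose file is missing). The sample lines are constructed in the style of that fix, and EXPECTED_HOSTS and triage() are names assumed for this example.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: hosts the user actually chose for home page/search.
EXPECTED_HOSTS = {"www.google.com", "www.bing.com"}

# Constructed sample in the style of the OTL lines quoted in the fix above
# (query strings shortened; the two "clean" entries are invented for contrast).
SAMPLE_LOG = r"""
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=coolmsd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}
IE - HKCU\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://www.bing.com/search?q={searchTerms}
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll (Example Corp)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\browse~1.dll) - File not found
"""

URL_RE = re.compile(r"=\s*(https?://\S+)")
O_ENTRY_RE = re.compile(r"^O\d+ - ")


def triage(log_text, expected_hosts=EXPECTED_HOSTS):
    """Return (reason, line) pairs for log entries that deserve a closer look."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        if line.startswith("IE") and ("Start Page" in line or "SearchScopes" in line):
            match = URL_RE.search(line)
            host = urlsplit(match.group(1)).hostname if match else None
            # A DefaultScope line carries a GUID, not a URL, so host stays None.
            if host and host not in expected_hosts:
                findings.append((f"home/search set to {host}", line))
        elif O_ENTRY_RE.match(line):
            if line.endswith("No CLSID value found."):
                findings.append(("browser add-on with no registered class", line))
            elif "AppInit_DLLs" in line and line.endswith("File not found"):
                findings.append(("AppInit_DLLs names a missing DLL", line))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"[{reason}] {entry}")
```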
-
I thought everything was OK but
another alert came ...
Trojan horse HTML/RedirME-inf[Trj]
but with another website
-
Trojan horse HTML/RedirME-inf[Trj]: this indicates a web site infection. There is a script that attempts to redirect to an advertising site on that site.
-
What can I do to protect myself against these "attacks"?
Today another one called URL:Mal2
-
WebShield is blocking the attempted redirect, so you are safe
-
OK THX
But it happens on the websites I visit every day; when I click on a link an ad appears and then the messages...
Before, I didn't have any problems
-
OK, let's look in a different area
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
- Right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.