Se connecter / S'enregistrer
Votre question

Enlever Virtumonde

Tags :
  • Adware
  • Sécurité
Dernière réponse : dans Sécurité et virus
4 Juillet 2011 13:28:29

Bonjour , aujourd'hui en faisant une petite recherche avec Spybot , j'ai découvert un "trojan" se nommant "Virtumonde" .
J'aimerais bien le supprimer mais étant pas très fort en informatique j'en appel à votre aide

En vous remerciant d'avance :hello: 

Autres pages sur : enlever virtumonde

4 Juillet 2011 15:06:53

Bonjour

Citation :
j'ai découvert un "trojan" se nommant "Virtumonde" .

A quel endroit se trouve t-il ?
5 Juillet 2011 01:43:08

Je ne sait pas à quel endroit exactement c'est juste pendant une vérification de menace sur mon ordinateur j'ai pus apercevoir un certain "Virtumonde.sci".
Après des recherches , j'ai su que c'était un trojan publicitaire
Contenus similaires
5 Juillet 2011 07:00:58

Bonjour

Si tu le possède déjà, passe l'étape de l'installation et va directement à la mise à jour

Télécharge MalwareByte's Anti-Malware sur ton Bureau.

  • Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
    Une fois l'installation et la mise à jour effectuées :



  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen rapide".
  • Afin de lancer la recherche, clic sur " Rechercher ".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
  • Si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
  • Si des infections sont présentes, clic sur "Afficher les résultats"
    puis sur "Supprimer la sélection".

    Enregistre le rapport sur ton Bureau.
  • Fais redémarrer ton ordinateur normalement et poste le rapport dans ta prochaine réponse.

    REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.



    Télécharge OTL sur ton Bureau.

  • Prends le soin de fermer toutes les autres fenêtres Windows afin de ne pas interrompre le scan.
  • Double-clique sur OTL.exe pour le lancer.Sous Windows Vista/7, faire un clic droit sur OTL.exe puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.
  • L'écran principal de OTL s'affiche:



    (1) Si ce n'est déjà fait, dans le paragraphe Registre: Approfondi, cocher le bouton-radio Avec liste blanche

    (2) Coche (en haut) la case située devant Tous les utilisateurs

    (3) Coche également les cases à côté de Recherche Lop et Recherche purity.

    (4) Sélectionne très précisément tout ce qui est en gras avec la souris et copie/colle le contenu dans la zone Personnalisation de la fenêtre OTL


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.dll /lockedfiles
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    iexplore.exe
    VolSnap.sys
    /md5stop



    (5) Puis cliquer sur le bouton Analyse

    - Laisser l'outil travailler sans l'interrompre.

  • Une fois l'analyse terminée, deux fenêtres vont s'ouvrir dans le Bloc-notes : OTL.txt et Extras.txt. Ils se trouvent au même endroit que OTL (donc par défaut sur le Bureau)

    Utilise le site http://pjjoint.malekal.com/ pour envoyer tes rapports, et poste le lien dans ta prochaine réponse.
    5 Juillet 2011 18:00:14

    Bonjour , excuser moi pour la lenteur de ma réponse voila le rapport Malwarebytes:


    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Version de la base de données: 7027

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    05/07/2011 17:25:34
    mbam-log-2011-07-05 (17-25-34).txt

    Type d'examen: Examen rapide
    Elément(s) analysé(s): 158955
    Temps écoulé: 3 minute(s), 4 seconde(s)

    Processus mémoire infecté(s): 2
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 86
    Valeur(s) du Registre infectée(s): 6
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 24
    Fichier(s) infecté(s): 42

    Processus mémoire infecté(s):
    c:\Users\alain\AppData\Roaming\install\server.exe (Trojan.Agent) -> 4088 -> Unloaded process successfully.
    c:\install\server.exe (Trojan.Agent) -> 5844 -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    c:\Users\alain\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\getprocaddress.dll (Trojan.Agent) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.CntntDic (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.CntntDisp (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Dwnldr (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.HbGuru (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.KOPFF (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.KOPFF.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.ReportData (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Scopes (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{8C640049-E81C-CC96-66AB-56D5830B985F} (Trojan.Zbot) -> Value: {8C640049-E81C-CC96-66AB-56D5830B985F} -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.HMCPol.Gen) -> Value: HKCU -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.517.0 (Adware.HotBar) -> Value: ShopperReports 3.0.517.0 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790777B0765A5730AC98 (Malware.Trace) -> Value: SRS_IT_E8790777B0765A5730AC98 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\Users\alain\AppData\Roaming\shopperreports3 (Adware.ShopperReports) -> Delete on reboot.
    c:\program files\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.666.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.666.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.666.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.666.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\shopperreports (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0} (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults\preferences (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    c:\program files\questbrwsearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    c:\programdata\questbrwsearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    c:\Users\alain\AppData\Roaming\install\server.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\alain\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\getprocaddress.dll (Trojan.Agent) -> Delete on reboot.
    c:\install\server.exe (Trojan.Agent) -> Delete on reboot.
    c:\Users\alain\AppData\Roaming\Uxcee\isyqv.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesabho.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\cntntcntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\Users\alain\AppData\Roaming\smrrs.exe (Backdoor.Agent.VB) -> Quarantined and deleted successfully.
    c:\Users\alain\AppData\Roaming\svmrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\alain\AppData\Roaming\svmss.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
    c:\Users\alain\AppData\Roaming\8hczvdd42fk.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\Users\alain\downloads\VLCSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\Users\alain\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Users\alain\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
    c:\Users\alain\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Delete on reboot.
    c:\Users\alain\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.
    c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.666.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.666.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\launchhelp.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\shopperreportsuninstaller.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\customer support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome.manifest (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\install.rdf (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome\questbrowse.jar (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults\preferences\prefs.js (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    c:\program files\questbrwsearch\uninstall.exe (Adware.QuestBrowse) -> Quarantined and deleted successfully.






    Et voila OTL : http://pjjoint.malekal.com/files.php?id=55200b8df21387
    Et Extras : http://pjjoint.malekal.com/files.php?id=ce5e36e9c61588

    Merci encore pour votre aide
    5 Juillet 2011 18:53:59

    Hello glap

    Tu as regardé les liens des rapports OTL que tu m'as posté je ne sais pas déchiffrer le martien [:_sebastien_:9]
    a c 267 8 Sécurité
    5 Juillet 2011 20:42:15

    Bonjour,

    Je te conseille de changer tes mots de passe.
    5 Juillet 2011 20:47:27

    Comment sa ? Quel est le problème ?
    a c 267 8 Sécurité
    5 Juillet 2011 20:53:41

    Dans les infections que tu avais, certaines permettent le vol de données (dont les mots de passe).
    6 Juillet 2011 19:37:20

    Bonjour

    Merci destrio

    @glap Fais ce qui suit

    Désactiver TeaTimer de spybot qui ne sert à rien et peut faire échouer une désinfection:!
    Affiche d'abord le Mode Avancé dans Spybot
    Options Avancées :
    menu Mode
    -Mode Avancé. Une colonne de menus apparaît dans la partie gauche :
    clique sur Outils
    clique sur Résident
    -Dans Résident :
    décoche Résident "TeaTimer" pour le désactiver.


    Désactive ton antivirus

    Relance OTL.exe.

    Fais un double clic sur l'icône pour le lancer.Sous Windows Vista/7, faire un clic droit sur OTL.exe puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

    Sélectionne très précisément tout ce qui est dans le cadre ci dessous depuis RAS , avec la souris et copie le contenu dans la zone "Personnalisation" de la fenêtre OTL

    RAS
    :Files
    C:\Users\alain\AppData\Roaming\cglogs.dat
    C:\ProgramData\ezsidmv.dat
    C:\Users\alain\AppData\Roaming\chrtmp
    C:\Users\alain\AppData\Roaming\cglogs.dat
    C:\Users\alain\AppData\Roaming\system32\explorer.exe
    C:\Users\alain\AppData\Roaming\system32

    :OTL
    PRC - [2011/01/22 19:52:04 | 000,466,944 | ---- | M] () -- C:\Users\alain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dofus hack v2.1.Exe
    FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0
    FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.517.0
    FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O4 - HKU\.DEFAULT..\Run: [fsc-reg] File not found
    O4 - HKU\S-1-5-18..\Run: [fsc-reg] File not found
    O4 - Startup: C:\Users\alain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dofus hack v2.1.Exe ()
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\tasks\*.job
    C:\WINDOWS\System32\*.tmp
    C:\WINDOWS\*.tmp

    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]


  • Puis clique sur le bouton Correction en haut de la fenêtre.
  • Laisse le programme travailler sans te servir du PC!!!!!
  • Copie et colle le rapport dans ta réponse stp

    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS