Infection antivirus xp (Résolu)

[lecool]

Sinon il y a une fenetre qui dit maitenant MBAM est déjà

en cours d'execution...

 

P.S: J'avais un anti malware installé je ne me souviens plus du nom quelque chose comme super malware...

 

je suis en mode sans echec

 

 

edit: pour la seconde fenetre j'avais ouvert deux fois MBAM désolé

Modifié le 9 juin 2011 par lecool

[Apollo]

Pour la mise a jour de MBAM , j'ai un message qui dit :Une erreur s'est produite, Vuillez transmettre ce code d'erreur â notre équipe de support.

 

PROGRAM_ERROR_UPDATING(11001,0,Host not found)

 

Hôte inconnu

 

Bah c'est malin si tu lances deux fois l'outil; faut le mettre à jour avant et si problème de mises à jour, j'ai donné le truc dans mon explication.

 

Tu as Superantispyware? Inutile avec MBAM, qui est bien plus fort.

 

Laisse faire l'analyse et poste le rapport après avoir fixé ce qu'il a trouvé.

 

@++

[lecool]

Voici le rapport MBAM

 

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

 

Version de la base de données: 6821

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

6/9/2011 4:11:25 PM

mbam-log-2011-06-09 (16-11-25).txt

 

Type d'examen: Examen complet (C:\|D:\|)

Elément(s) analysé(s): 221194

Temps écoulé: 23 minute(s), 34 seconde(s)

 

Processus mémoire infecté(s): 3

Module(s) mémoire infecté(s): 2

Clé(s) du Registre infectée(s): 75

Valeur(s) du Registre infectée(s): 13

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 42

Fichier(s) infecté(s): 83

 

Processus mémoire infecté(s):

c:\program files\HBLite\bin\11.0.363.0\HBLiteSA.exe (Adware.Hotbar) -> 1884 -> Unloaded process successfully.

c:\program files\questscan\questscan.exe (Adware.QuestScan) -> 3792 -> Unloaded process successfully.

c:\documents and settings\all users\application data\questscan\questscan133.exe (Adware.QuestScan) -> 1952 -> Unloaded process successfully.

 

Module(s) mémoire infecté(s):

c:\program files\questscan\questscan.dll (Adware.Agent.ZGen) -> Delete on reboot.

c:\program files\HBLite\bin\11.0.363.0\hblitesahook.dll (Adware.HotBar) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\CLSID\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingReport2.IEButton.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingReport2.IEButton (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{6F098504-CDB1-420F-A2E6-DDC0B835FEDF} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HBLiteAX.Info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HBLiteAX.Info (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{4E674574-3F0B-491d-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491D-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingReport2.HbAx.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingReport2.HbAx (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.ShoppingReports2) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Malware.Packer.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestScan Service (Adware.QuestScan) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MouseDriver (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\3XQZ6EO4AP (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\YDZ1QVAGOJ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\hblitesa (Adware.HotBar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Context\Context-Ads (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\HBLite (Adware.HotBar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\tgs90gv74r (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Context\Context-Ads (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTSCAN_SERVICE (Adware.QuestScan) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\INPUT MANAGER (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LOCAL ACCOUNT AUTHORITY SERVICE (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PLUG MANAGER (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$XNTUninstall643$ (Adware.AdRotator) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HBLiteSA (Adware.Hotbar) -> Value: HBLiteSA -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419D-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan\DisplayName (Adware.QuestScan) -> Value: DisplayName -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\HBLite@HBLite.com (Adware.HotBar) -> Value: HBLite@HBLite.com -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\QuestScan\DllPath (Adware.QuestScan) -> Value: DllPath -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Input Manager\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Local Account Authority Service\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MouseDriver\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Plug Manager\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

c:\documents and settings\ALI\application data\Dir (Backdoor.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2\ALI (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2\application data (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2\cs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2\cs\ALI (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2\cs\application data (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2\cs\cs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2\cs\db (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2\cs\dwld (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2\cs\report (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2\cs\res1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2\cs\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2\report (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\program files\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files\clickpotatolite\bin\10.0.668.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files\clickpotatolite\bin\10.0.668.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files\clickpotatolite\bin\10.0.668.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files\clickpotatolite\bin\10.0.668.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files\HBLite (Adware.Hotbar) -> Delete on reboot.

c:\program files\HBLite\bin (Adware.Hotbar) -> Delete on reboot.

c:\program files\HBLite\bin\11.0.363.0 (Adware.Hotbar) -> Delete on reboot.

c:\program files\HBLite\bin\11.0.363.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\HBLite\bin\11.0.363.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\HBLite\bin\11.0.363.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\shoppingreport2 (Adware.ShoppingReport2) -> Delete on reboot.

c:\program files\shoppingreport2\Bin (Adware.ShoppingReport2) -> Delete on reboot.

c:\program files\shoppingreport2\Bin\2.7.34 (Adware.ShoppingReport2) -> Delete on reboot.

c:\documents and settings\all users\menu démarrer\programmes\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\documents and settings\all users\menu démarrer\programmes\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\WINDOWS\$xntuninstall643$ (Adware.AdRotator) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096} (Adware.QuestScan) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\chrome (Adware.QuestScan) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults (Adware.QuestScan) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults\preferences (Adware.QuestScan) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

c:\program files\questscan\questscan.dll (Adware.Agent.ZGen) -> Delete on reboot.

c:\program files\HBLite\bin\11.0.363.0\HBLiteSA.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\HBLite\bin\11.0.363.0\hblitesahook.dll (Adware.HotBar) -> Delete on reboot.

c:\program files\shoppingreport2\Bin\2.7.34\shoppingreport.dll (Adware.SmartShopper) -> Delete on reboot.

c:\program files\HBLite\bin\11.0.363.0\hblitesaax.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\Bureau\rk_quarantine\0.3135033419624973.exe.vir (Trojan.Agent.A) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\Bureau\rk_quarantine\334f.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\Bureau\rk_quarantine\cfm.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\Bureau\rk_quarantine\cfq.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\Bureau\rk_quarantine\chabaa.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\Bureau\rk_quarantine\conima.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\Bureau\rk_quarantine\ehu.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\Bureau\rk_quarantine\eqg.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\Bureau\rk_quarantine\lssas.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\Bureau\rk_quarantine\manager.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\Bureau\rk_quarantine\mdapins.dll.vir (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\Bureau\rk_quarantine\oh01830jnfem01830.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\Bureau\rk_quarantine\vbs.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\Bureau\rk_quarantine\vtebtz.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\Bureau\rk_quarantine\xbseryrwdjulo.exe.vir (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\local settings\application data\ehu.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\local settings\application data\eqg.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\local settings\application data\vbs.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\17620772.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\exktsjdkrdaqskx.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\xbseryrwdjulo.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\oh01830jnfem01830\oh01830jnfem01830.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\BAYA\Bureau\rk_quarantine\6a5d.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.

c:\program files\HBLite\bin\11.0.363.0\hbliteuninstaller.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\HBLite\bin\11.0.363.0\firefox\extensions\plugins\npclntax_hblitesa.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\plugins\npclntax_hblitesa.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\shoppingreport2\Uninst.exe (Adware.ShoppingReports2) -> Quarantined and deleted successfully.

c:\WINDOWS\mdapins.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\WINDOWS\setup.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\lcs8t9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\ln9y4cg.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\nzunj11ez3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\drivers\16117.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\drivers\16512.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\drivers\16535.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\drivers\18016.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\drivers\19515.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\drivers\19622.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\drivers\484AA.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\drivers\51520.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\drivers\7356.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\program files\questscan\questscan.exe (Adware.QuestScan) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\questscan\questscan133.exe (Adware.QuestScan) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\Dir\Dated.dat (Backdoor.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\Adobe\plugs\mmc66.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\mousedriver.bat (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\application data\mousedriver.bat (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\local settings\application data\Input.bat (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\local settings\application data\localaccountauthority.bat (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\local settings\application data\Plug.bat (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\HBLiteSA\hblitesaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\HBLiteSA\hblitesaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\HBLiteSA\hblitesaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\HBLiteSA\hblitesa_hpk.dat (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\HBLiteSA\hblitesa_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2\cs\Config.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2\cs\db\Sites.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2\cs\dwld\whitelist.xip (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2\cs\report\aggr_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2\cs\report\send_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\ALI\application data\shoppingreport2\cs\res1\whitelist.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\program files\clickpotatolite\bin\10.0.668.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files\HBLite\bin\11.0.363.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\WINDOWS\$xntuninstall643$\apuninstall.exe (Adware.AdRotator) -> Quarantined and deleted successfully.

c:\WINDOWS\$xntuninstall643$\zrpt.xml (Adware.AdRotator) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\chrome.manifest (Adware.QuestScan) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\install.rdf (Adware.QuestScan) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\chrome\questscan.jar (Adware.QuestScan) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults\preferences\prefs.js (Adware.QuestScan) -> Quarantined and deleted successfully.

[Apollo]

Wow! Ton pc doit se sentir mieux non?

 

Fais ces vérifications de sécurité stp:

 

Apollo Et Compagnie A vérifier de temps en temps, important!

 

Le PSI n'est pas obligatoire bien sûr mais il peut se révéler utile pour connaître les failles dans diverses applications.

 

@++

[lecool]

Merci beaucoup Apollo

 

Une dernière chose si vous le permettez : Comment récuperer toutes les icônes...

 

 

tous les dossiers sont vides , mes documents, tous les programmes, ma musique...etc...

 

Alors lâ mon bureau est etrangement vide...

Modifié le 9 juin 2011 par lecool

[Apollo]

Ah oui, embêtant ça, on n'a pas encore utilisé Unhide?

 

Télécharger Unhide de Grinler et l'enregistrer sur le bureau.

 

Double-clique, (Sous Vista/7, clic droit/exécuter en temps qu'administrateur) sur l'icône.

 

Laisse travailler l'outil puis le pc devra être redémarré.

 

Vérifie si les dossiers sont réapparus.

 

Sinon, Faire apparaître les dossiers/fichiers cachés: Afficher les dossiers/fichiers cachés sous XP

 

Chercher les dossiers qui devraient normalement apparaître, faire un clic droit dessus/propriétés et décocher la case "caché", Appliquer, Ok.

 

@++

[lecool]

Apollo vous êtes genial...

 

tout est O.K dire que j'alais le formater...

 

mille merci ......

[Apollo]

C'est l'expert qui a créé cet outil qui est génial, moi je ne fais que le faire utiliser.

 

N'oublie pas ceci: Apollo Et Compagnie A vérifier de temps en temps, important! Très important.

 

Désactiver la Restauration Système.

 

Menu Démarrer/Tous les programmes/Accessoires/Outils Système/

 

Cliquer sur Restauration Système.

 

Cliquer sur "Paramètres de la restauration du système; cocher la case: "Désactiver la Restauration du système sur tous les lecteurs"

Appliquer/OK.

 

Pour réactiver la Restauration système, suivre le même chemin et décocher la case. Appliquer/OK.

 

Un nouveau point de restauration sera automatiquement créé.

 

-------------------

Pour désinstaller les outils utilisés:

 

Télécharger ToolsCleaner! (par A.Rothstein & dj QUIOU) ] pour enlever les programmes utilisés pendant la procédure.

http://pc-system.fr/TC/ToolsCleaner2.exe

* Enregistrer ToolsCleaner2.exe sur le Bureau.

Sous Vista,Clic-droit > Exécuter en tant qu' Administrateur

* Double-cliquer dessus, puis cliquer sur Recherche --> Le programme va chercher les utilitaires installés

------> Il se peut que la fenêtre devienne blanche pendant le scan, c'est normal !

* Copier-coller le contenu du rapport qui apparait dans la fenêtre blanche.

 

Lorsque la recherche est terminée ToolsCleaner affiche une liste des différents outils trouvés, cliquez sur "Suppression" afin de les supprimer.

Fermez le programme en cliquant sur "Quitter ".

 

Postez le rapport qui se trouve ici >>> C:\TCleaner.txt

 

Options facultatives

 

A utiliser si vous le souhaitez :

 

Création d'un nouveau point de restauration (conseillé)

Vidage de la corbeille

Nettoyage de vos fichiers temporaires

 

Mettre ToolsCleaner2 à la corbeille.

 

-------------------------

Enfin si tout va bien,

 

• Pense à éditer ton premier post pour ajouter "Résolu" dans le titre. Pour cela clique sur "Modifier" dans ton premier post. Tu pourras alors changer le titre.

 

Utilise pour ça, l'éditeur complet