Personal Internet Security 2011

Résolu/Fermé
fatima - Modifié par irongege le 1/01/2011 à 15:40
 Beaubec - 19 janv. 2011 à 21:02
Bonjour,

quelqu'un connait Personal Internet Security 2011 ?

mon pc affiche plein d'avertissement, tentative de vol d'identité...

j'ai télécharger spyhunter 4 pour nettoyer mon pc mais je sais pas si c'est une bonne idée.

merci pour vos conseils...

Fatima

A voir également:

44 réponses

juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 796
31 déc. 2010 à 22:39
Hello,

ah non, pas une bonne idée :)

▶ Télécharge sur le bureau RogueKiller (par tigzy)

▶ ▶ (Sous Vista/Seven, clique droit, lancer en tant qu'administrateur )

▶ Quitte tous tes programmes en cours
▶ Lance RogueKiller.exe.
▶ Lorsque demandé, tape 2 et valide
▶ Un rapport (RKreport.txt) a du se créer à côté de l'exécutable, colle son contenu dans la réponse
Si le programme a été bloqué, ne pas hésiter a essayer plusieurs fois.

Note: s'il te demande de supprimer le proxy, tape 1

Puis:

▶ Télécharge Malwarebytes' Anti-Malware et enregistre le sur ton bureau.

▶ ▶ Miroir si inaccessible


▶ ▶ /!\ Utilisateur de Vista et Windows 7 : Clique droit sur le logo de Malwarebytes' Anti-Malware, « exécuter en tant qu'Administrateur »

▶ Double clique sur le fichier téléchargé pour lancer le processus d'installation.
▶ Dans l'onglet "mise à jour", clique sur le bouton Recherche de mise à jour
▶ si le pare-feu demande l'autorisation de se connecter pour Malwarebytes, accepte
Une fois la mise à jour terminée
▶ rends-toi dans l'onglet Recherche
▶ Sélectionne Exécuter un examen complet
▶ Clique sur Rechercher
▶ ▶ Le scan démarre.
▶ A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
▶ Clique sur Ok pour poursuivre.
▶ Si des malwares ont été détectés, cliques sur Afficher les résultats
▶ Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection . Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
▶ Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse. Copie/colle le ici (ctrl+a pour tout sélectionner, ctrl+c pour copier, ctrl+v pour coller)

▶ ▶ Il se peut que MBAM ait besoin de redémarrer le pc pour finaliser la suppression, donc pas de panique, redémarre ton pc !!!
▶ Une fois le PC redémarré, rends toi dans l'onglet rapport/log
▶ Tu clique dessus pour l'afficher, une fois affiché
▶ Copie/colle le ici (ctrl+a pour tout sélectionner, ctrl+c pour copier, ctrl+v pour coller)

Si tu as besoin d'aide regarde ce tutoriel :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

@+ :)
0
Merci! Par contre avant tout, dois-je d'abord desinstaller spyhunter...?? :-(

désolée je suis nule en informatique...
0
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 796
31 déc. 2010 à 22:44
on s'en occupera plus tard ;)
0
ok
0
RogueKiller V3.6.0 by Tigzy
contact at www.sur-la-toile.com
mail: tigzy44<at>hotmail<dot>fr
Feedback: https://www.luanagames.com/index.fr.html

Operating System: Windows Vista (6.0.6001 Service Pack 1) version 32 bits
Mode: Remove -- Time : 31/12/2010 23:01:15

Bad processes:

Deregistred:
HKCU\...\Internet Settings\ ProxyServer : http=127.0.0.1:25382
Task -> {8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job : C:\Users\MIMI\AppData\Local\Temp\Jcj.exe
Task -> {66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job : C:\Users\MIMI\AppData\Local\Temp\Jcc.exe

Fichier HOSTS:
127.0.0.1 localhost
::1 localhost


Finished
0
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5429

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18999

01/01/2011 01:18:54
mbam-log-2011-01-01 (01-18-54).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 384469
Temps écoulé: 1 heure(s), 56 minute(s), 5 seconde(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 31
Fichier(s) infecté(s): 94

Processus mémoire infecté(s):
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 2024 -> Unloaded process successfully.
c:\programdata\1a415a\pi1a4_289.exe (Rogue.InternetSecuritySuite) -> 3984 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\program files\dealio toolbar\IE\4.1\dealiotoolbarie.dll (PUP.Dealio) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Dealio (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\E8WECRKKMV (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\DEALIO TOOLBAR\FF\CHROME.MANIFEST (PUP.Dealio) -> Value: CHROME.MANIFEST -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\DEALIO@MYBROWSERBAR.COM (PUP.Dealio) -> Value: DEALIO@MYBROWSERBAR.COM -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\DEALIO TOOLBAR\FF\INSTALL.RDF (PUP.Dealio) -> Value: INSTALL.RDF -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\DEALIO TOOLBAR\FF\CHROME\LOCALE\EN-US\WIDGITOOLBARPLUGIN.PROPERTIES (PUP.Dealio) -> Value: WIDGITOOLBARPLUGIN.PROPERTIES -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Personal Internet Security 2011 (Rogue.InternetSecuritySuite) -> Value: Personal Internet Security 2011 -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=289&q={searchTerms}) Good: (https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
c:\Users\MIMI\AppData\Roaming\clickpotatolite (Adware.ClickPotato) -> Delete on reboot.
c:\program files\clickpotatolite\bin\10.0.530.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.530.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.530.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464} (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.497.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\Users\MIMI\AppData\Roaming\shopperreports3 (Adware.ShopperReports) -> Delete on reboot.
c:\program files\shopperreports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.497.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar (PUP.Dealio) -> Delete on reboot.
c:\program files\dealio toolbar\FF (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\IE (PUP.Dealio) -> Delete on reboot.
c:\program files\dealio toolbar\IE\4.1 (PUP.Dealio) -> Delete on reboot.
c:\program files\dealio toolbar\FF\chrome (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\locale (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\locale\EN-US (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res (PUP.Dealio) -> Quarantined and deleted successfully.
c:\Users\MIMI\AppData\Roaming\personal internet security 2011 (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.530.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Windows\Temp\QUE7A3A.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome\queryexplorer.jar (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\install.rdf (Adware.QueryExplorer) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\widgets.xml (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\search-button-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\search-button.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\install.rdf (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\target.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\walmart.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\target.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\widgitoolbarplugin.css (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\IE\4.1\dealiotoolbarie.dll (PUP.Dealio) -> Delete on reboot.
c:\program files\dealio toolbar\widgihelper.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\search-button-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\dealio@mybrowserbar.com (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\search_amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\search_dealio.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\search_ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\dealio_logo_hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome.manifest (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\overstock.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\search_yahoo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\walmart.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\login.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\login.xul (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\parser.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\rsstickerwidget.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\searchbox.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\searchbox.xul (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\utils.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\widgichevron.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\widgicomm.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\widgihandling.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\widgilisteners.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\widgitoolbarplugin.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\widgitoolbarplugin.xul (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\widgiui.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\locale\EN-US\searchbox.dtd (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\locale\EN-US\yahoo-search.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\apple.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\barnes.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\bestbuy.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\chevron.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\dealio_logo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\search_ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\search_yahoo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\icon_settings.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\macys.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\newegg.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\search-chevron.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\searchbox.css (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\search_amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\search-chevron-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\chevron.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\chevron.xul (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\barnes.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\search-button.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\dealio_logo_hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\search_dealio.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\bestbuy.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\dealio_logo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\splitter.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\overstock.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\IE\4.1\config.ini (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\apple.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\search-chevron-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\icon_settings.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\macys.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\search-chevron.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\newegg.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\Users\MIMI\downloads\popularscreensavers.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\programdata\1a415a\pi1a4_289.exe (Rogue.InternetSecuritySuite) -> Quarantined and deleted successfully.
c:\Users\MIMI\AppData\Roaming\personal internet security 2011\instructions.ini (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully.
c:\Users\MIMI\AppData\Roaming\microsoft\Windows\start menu\personal internet security 2011.lnk (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully.
c:\Users\MIMI\Desktop\personal internet security 2011.lnk (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully.
c:\Users\MIMI\AppData\Roaming\microsoft\Windows\start menu\Programs\personal internet security 2011.lnk (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
0
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 796
1 janv. 2011 à 01:26
répond par le bouton vert répondre

fais ceci stp :

Nous allons effectuer un diagnostic de ton PC:
Télécharge ZHPDiag sur ton bureau :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
ou :
http://www.premiumorange.com/zeb-help-process/zhpdiag.html
ou :
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/

▶ Laisse toi guider lors de l'installation,coche "Ajouter une icône sur le bureau"<gras> et décoche la case <gras>"Exécuter ZHPDiag"

/!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur »

▶ Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
▶ Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
▶ Héberge le rapport ZHPDiag.txt sur Cijoint, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum :
http://www.cijoint.fr/
ou :
http://ww38.toofiles.com/fr/documents-upload.html

▶ Tuto zhpdiag :
http://www.premiumorange.com/zeb-help-process/zhpdiag.html

@+
0
je n'arrive pas à executer le programme...

"createProcess a echoué; code 740. L'opération demandée nécessite une élévation"
0
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 796
1 janv. 2011 à 01:34
Lis tout :)

/!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur »
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
oups! autant pour moi... :-)
0
voilà! :-D
alors docteur... :-P

http://www.cijoint.fr/cjlink.php?file=cj201101/cijsjy63DB.txt
0
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 796
1 janv. 2011 à 01:51
Huuuuuuummmmmmmm diagnostic très parlant, encore bien infecté :s

Tu as plusieurs adwares....

Tu as installé des programmes EoRezo, sais-tu que le service transmet certaines informations ? comme par exemple ton adresse, numéro de télephone qui ont été saisis lors de l'inscription ?
EoRezo modifie aussi ta page de démarrge vers lo.st, il se peux aussi que ce site transmettent certaines informations.

Pour plus d'informations se reporter à cette page : https://forum.malekal.com/viewtopic.php?t=18245&start=

On va éradiquer tout ça :

Télécharge de AD-Remover sur ton Bureau. (Merci à C_XX)

http://www.teamxscript.org/adremoverTelechargement.html ( Lien officiel )
OU
https://www.androidworld.fr/ ( Miroir )

/!\ Ferme toutes applications en cours /!\

▶ Double-clique sur l'icône Ad-remover située sur ton Bureau.
▶ Sur la page, clique sur le bouton « Nettoyer »
▶ Confirme lancement du scan
▶ Laisse travailler l'outil.
▶ Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

@+ (:
0
waw! ça fait peur ... Je connaissais pas du tout EoRezo... J'arrive pas à savoir comment il s'est retrouvé dans mon pc

Bon ben je me remets au travail :-)
0
======= RAPPORT D'AD-REMOVER 2.0.0.2,C | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 22/12/10 à 11:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 01:58:45 le 01/01/2011, Mode normal

Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 1 (X86)
MIMI@PC-DE-BUREAU (Hewlett-Packard HP Pavilion dv7 Notebook PC)

============== ACTION(S) ==============


Fichier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur OfferBox.lnk
Dossier supprimé: C:\Users\MIMI\Music\Imesh
Dossier supprimé: C:\Program Files\Ask.com
Dossier supprimé: C:\Users\MIMI\AppData\LocalLow\Conduit
Dossier supprimé: C:\Program Files\Conduit
Dossier supprimé: C:\Users\MIMI\AppData\LocalLow\Dealio
Dossier supprimé: C:\Program Files\Application Updater
Dossier supprimé: C:\Users\MIMI\AppData\LocalLow\Search Settings
Dossier supprimé: C:\Users\MIMI\AppData\LocalLow\ShopperReports3
Dossier supprimé: C:\Program Files\Common Files\Spigot
Dossier supprimé: C:\Users\MIMI\AppData\Roaming\OfferBox
Dossier supprimé: C:\Program Files\OfferBox
Dossier supprimé: C:\Program Files\iMesh Applications
Fichier supprimé: C:\Users\MIMI\Downloads\BandooV6(2).exe
Fichier supprimé: C:\Users\MIMI\Downloads\BandooV6.exe
Fichier supprimé: C:\Users\MIMI\Downloads\iMeshV10fr.exe

(!) -- Fichiers temporaires supprimés.


Clé supprimée: HKLM\Software\Classes\Toolbar.CT2102473
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2405723
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2542115
Clé supprimée: HKLM\Software\Application Updater
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\Search Settings
Clé supprimée: HKCU\Software\Spointer
Clé supprimée: HKCU\Software\iMesh
Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
Clé supprimée: HKCU\Software\AppDataLow\Software\Dealio
Clé supprimée: HKCU\Software\AppDataLow\Software\Search Settings
Clé supprimée: HKLM\Software\Classes\Installer\Products\01B38F1CBEB0f574BB2A2E530BB28962
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\01B38F1CBEB0f574BB2A2E530BB28962
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96E2118A-4E63-4D7B-901C-48B23B89929C}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{96E2118A-4E63-4D7B-901C-48B23B89929C}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom

Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== SCAN ADDITIONNEL ==============

** Internet Explorer Version [8.0.6001.18999] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\Windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: yes
Local Page: C:\Windows\System32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: $ActiveDomain/page/blank/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d

========================================

C:\Program Files\Ad-Remover\Quarantine: 90 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 01/01/2011 (4467 Octet(s))

Fin à: 02:00:28, 01/01/2011

============== E.O.F ==============
0
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 796
1 janv. 2011 à 02:14
Excellent il a bien travaillé AD-Remover, très bien même ;)

Refais un ZHPDiag à héberger sur cijoint ;)

@+
0
Super!

Alors re-ZHPDiag :-)
0
http://www.cijoint.fr/cjlink.php?file=cj201101/cij1kajYVr.txt
0
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 796
1 janv. 2011 à 02:34
Bon, on va s'occuper de spyhunter que t'as téléchargé :P

Lis ceci : http://assiste.com.free.fr/p/craptheque/spyhunter.html

On va le désinstaller :

▶ Copie tout le texte présent dans la balise code ci-dessous ( tu le sélectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )

O42 - Logiciel: SpyHunter - (.Enigma Software Group USA, LLC.) [HKLM] -- {41EBC322-660F-4D16-A0DF-53147210CBDB}     



▶ Puis Lance ZHPFix depuis le raccourci du bureau .

▶ Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .

▶ Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .

▶ Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.

▶ Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".

▶ Copie/Colle le rapport à l'écran dans ton prochain message

▶ (le rapport se trouve aussi dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport.txt)

accepte la désinstallation bien sur et redémarre ton pc puis refait un zhpdiag tout propre et on supprimera le reste ;)

@+
0
Me laisser pas toute seule avec mon ordinateur "espion". Je lui fais plus confiance :-(
0
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 796
1 janv. 2011 à 02:38
Je fais la "garde de nuit" ce soir ;)

m'en fou c'est payé double mouhahaha

mince on est bénévoles, j'me suis brisé tout seul là \o/ MDR
0
loooool! Vous êtes trop fort en plus avec une pointe d'humour!! J'adooore ce site!! :-D
0
Voilà le rapport...

Rapport de ZHPFix 1.12.3233 par Nicolas Coolman, Update du 30/12/2010
Fichier d'export Registre :
Run by MIMI at 01/01/2011 02:41:05
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr

========== Logiciel(s) ==========
O42 - Logiciel: SpyHunter - (.Enigma Software Group USA, LLC.) [HKLM] -- {41EBC322-660F-4D16-A0DF-53147210CBDB} => Logiciel supprimé avec succès


========== Récapitulatif ==========
1 : Logiciel(s)


End of the scan
0
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 796
1 janv. 2011 à 02:43
bien redémarre, refais un zhpdiag pour voir :D
0
http://www.cijoint.fr/cjlink.php?file=cj201101/cijOZCw4it.txt

alors? bonne nouvelle?
0
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 796
1 janv. 2011 à 02:59
oups dans le script ZHPFix j ai oublié ceci:

O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Hotspot_Shield\tbHot0.dll
[HKCU\Software\AppDataLow\Software\Conduit]   

0
Rapport de ZHPFix 1.12.3233 par Nicolas Coolman, Update du 30/12/2010
Fichier d'export Registre : C:\ZHPExportRegistry-01-01-2011-03-02-37.txt
Run by MIMI at 01/01/2011 03:02:37
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr

========== Clé(s) du Registre ==========
HKCU\Software\3 => Clé supprimée avec succès
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} [DefaultScope] - (Web Search) - http://findgala.com/?&uid=289&q={searchTerms} => Clé absente
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}] => Clé supprimée avec succès
[HKCR\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}] => Clé supprimée avec succès
HKCU\Software\AppDataLow\Software\Conduit => Clé supprimée avec succès

========== Valeur(s) du Registre ==========
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Hotspot_Shield\tbHot0.dll => Valeur supprimée avec succès

========== Fichier(s) ==========
c:\program files\hotspot_shield\tbhot0.dll => Supprimé et mis en quarantaine


========== Récapitulatif ==========
5 : Clé(s) du Registre
1 : Valeur(s) du Registre
1 : Fichier(s)


End of the scan
0