Personal Internet Security 2011

Résolu
fatima -  
 Beaubec -
Bonjour,

quelqu'un connait Personal Internet Security 2011 ?

mon pc affiche plein d'avertissement, tentative de vol d'identité...

j'ai télécharger spyhunter 4 pour nettoyer mon pc mais je sais pas si c'est une bonne idée.

merci pour vos conseils...

Fatima

44 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Une personne signale des avertissements et tentatives de vol d'identité après l'installation présumée de Personal Internet Security 2011, et se demande si SpyHunter 4 est une solution appropriée.
Plusieurs échanges décrivent l'utilisation d'Ad-Remover pour nettoyer des éléments indésirables et un scan complet avec Avira AntiVir Personal sur un système Windows Vista touché par Personal Internet Security 2011.
Le rapport d'Ad-Remover signale la suppression de dossiers et fichiers liés à Conduit, iMesh, Ask, et d'autres compléments, ainsi que la suppression de clés de registre pertinentes, puis des vérifications supplémentaires.
En cas de doute, il est recommandé de relancer une analyse approfondie avec des outils tels que ZHPDiag et de relancer les scans sous droits administratifs pour éviter les faux positifs.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Hello,

    ah non, pas une bonne idée :)

    ▶ Télécharge sur le bureau RogueKiller (par tigzy)

    ▶ ▶ (Sous Vista/Seven, clique droit, lancer en tant qu'administrateur )

    ▶ Quitte tous tes programmes en cours
    ▶ Lance RogueKiller.exe.
    ▶ Lorsque demandé, tape 2 et valide
    ▶ Un rapport (RKreport.txt) a du se créer à côté de l'exécutable, colle son contenu dans la réponse
    Si le programme a été bloqué, ne pas hésiter a essayer plusieurs fois.

    Note: s'il te demande de supprimer le proxy, tape 1

    Puis:

    ▶ Télécharge Malwarebytes' Anti-Malware et enregistre le sur ton bureau.

    ▶ ▶ Miroir si inaccessible

    ▶ ▶ /!\ Utilisateur de Vista et Windows 7 : Clique droit sur le logo de Malwarebytes' Anti-Malware, « exécuter en tant qu'Administrateur »

    ▶ Double clique sur le fichier téléchargé pour lancer le processus d'installation.
    ▶ Dans l'onglet "mise à jour", clique sur le bouton Recherche de mise à jour
    ▶ si le pare-feu demande l'autorisation de se connecter pour Malwarebytes, accepte
    Une fois la mise à jour terminée
    ▶ rends-toi dans l'onglet Recherche
    ▶ Sélectionne Exécuter un examen complet
    ▶ Clique sur Rechercher
    ▶ ▶ Le scan démarre.
    ▶ A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    ▶ Clique sur Ok pour poursuivre.
    ▶ Si des malwares ont été détectés, cliques sur Afficher les résultats
    ▶ Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection . Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
    ▶ Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse. Copie/colle le ici (ctrl+a pour tout sélectionner, ctrl+c pour copier, ctrl+v pour coller)

    ▶ ▶ Il se peut que MBAM ait besoin de redémarrer le pc pour finaliser la suppression, donc pas de panique, redémarre ton pc !!!
    ▶ Une fois le PC redémarré, rends toi dans l'onglet rapport/log
    ▶ Tu clique dessus pour l'afficher, une fois affiché
    ▶ Copie/colle le ici (ctrl+a pour tout sélectionner, ctrl+c pour copier, ctrl+v pour coller)

    Si tu as besoin d'aide regarde ce tutoriel :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    @+ :)
    0
    1. fatima
       
      Merci! Par contre avant tout, dois-je d'abord desinstaller spyhunter...?? :-(

      désolée je suis nule en informatique...
      0
    2. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
       
      on s'en occupera plus tard ;)
      0
    3. fatima
       
      ok
      0
    4. fatima
       
      RogueKiller V3.6.0 by Tigzy
      contact at www.sur-la-toile.com
      mail: tigzy44<at>hotmail<dot>fr
      Feedback: https://www.luanagames.com/index.fr.html

      Operating System: Windows Vista (6.0.6001 Service Pack 1) version 32 bits
      Mode: Remove -- Time : 31/12/2010 23:01:15

      Bad processes:

      Deregistred:
      HKCU\...\Internet Settings\ ProxyServer : http=127.0.0.1:25382
      Task -> {8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job : C:\Users\MIMI\AppData\Local\Temp\Jcj.exe
      Task -> {66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job : C:\Users\MIMI\AppData\Local\Temp\Jcc.exe

      Fichier HOSTS:
      127.0.0.1 localhost
      ::1 localhost


      Finished
      0
    5. fatima
       
      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org

      Version de la base de données: 5429

      Windows 6.0.6001 Service Pack 1
      Internet Explorer 8.0.6001.18999

      01/01/2011 01:18:54
      mbam-log-2011-01-01 (01-18-54).txt

      Type d'examen: Examen complet (C:\|D:\|)
      Elément(s) analysé(s): 384469
      Temps écoulé: 1 heure(s), 56 minute(s), 5 seconde(s)

      Processus mémoire infecté(s): 2
      Module(s) mémoire infecté(s): 1
      Clé(s) du Registre infectée(s): 15
      Valeur(s) du Registre infectée(s): 11
      Elément(s) de données du Registre infecté(s): 1
      Dossier(s) infecté(s): 31
      Fichier(s) infecté(s): 94

      Processus mémoire infecté(s):
      c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 2024 -> Unloaded process successfully.
      c:\programdata\1a415a\pi1a4_289.exe (Rogue.InternetSecuritySuite) -> 3984 -> Unloaded process successfully.

      Module(s) mémoire infecté(s):
      c:\program files\dealio toolbar\IE\4.1\dealiotoolbarie.dll (PUP.Dealio) -> Delete on reboot.

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Dealio (PUP.Dealio) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\E8WECRKKMV (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\DEALIO TOOLBAR\FF\CHROME.MANIFEST (PUP.Dealio) -> Value: CHROME.MANIFEST -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\DEALIO@MYBROWSERBAR.COM (PUP.Dealio) -> Value: DEALIO@MYBROWSERBAR.COM -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\DEALIO TOOLBAR\FF\INSTALL.RDF (PUP.Dealio) -> Value: INSTALL.RDF -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\DEALIO TOOLBAR\FF\CHROME\LOCALE\EN-US\WIDGITOOLBARPLUGIN.PROPERTIES (PUP.Dealio) -> Value: WIDGITOOLBARPLUGIN.PROPERTIES -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Personal Internet Security 2011 (Rogue.InternetSecuritySuite) -> Value: Personal Internet Security 2011 -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=289&q={searchTerms}) Good: (https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.

      Dossier(s) infecté(s):
      c:\Users\MIMI\AppData\Roaming\clickpotatolite (Adware.ClickPotato) -> Delete on reboot.
      c:\program files\clickpotatolite\bin\10.0.530.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
      c:\program files\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
      c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
      c:\program files\clickpotatolite\bin\10.0.530.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
      c:\program files\clickpotatolite\bin\10.0.530.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
      c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
      c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464} (Adware.QueryExplorer) -> Quarantined and deleted successfully.
      c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome (Adware.QueryExplorer) -> Quarantined and deleted successfully.
      c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
      c:\program files\shopperreports3\bin\3.0.497.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
      c:\Users\MIMI\AppData\Roaming\shopperreports3 (Adware.ShopperReports) -> Delete on reboot.
      c:\program files\shopperreports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
      c:\program files\shopperreports3\bin\3.0.497.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
      c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
      c:\program files\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
      c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
      c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
      c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar (PUP.Dealio) -> Delete on reboot.
      c:\program files\dealio toolbar\FF (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\IE (PUP.Dealio) -> Delete on reboot.
      c:\program files\dealio toolbar\IE\4.1 (PUP.Dealio) -> Delete on reboot.
      c:\program files\dealio toolbar\FF\chrome (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\locale (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\locale\EN-US (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\content (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\Users\MIMI\AppData\Roaming\personal internet security 2011 (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
      c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
      c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
      c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
      c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
      c:\program files\clickpotatolite\bin\10.0.530.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
      c:\Windows\Temp\QUE7A3A.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
      c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome\queryexplorer.jar (Adware.QueryExplorer) -> Quarantined and deleted successfully.
      c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\install.rdf (Adware.QueryExplorer) -> Quarantined and deleted successfully.
      c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
      c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
      c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
      c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\widgets.xml (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\search-button-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\search-button.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\install.rdf (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\target.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\walmart.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\target.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\widgitoolbarplugin.css (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\IE\4.1\dealiotoolbarie.dll (PUP.Dealio) -> Delete on reboot.
      c:\program files\dealio toolbar\widgihelper.exe (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\search-button-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\mozilla firefox\extensions\dealio@mybrowserbar.com (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\search_amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\search_dealio.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\search_ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\dealio_logo_hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome.manifest (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\overstock.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\search_yahoo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\walmart.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\content\login.js (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\content\login.xul (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\content\parser.js (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\content\rsstickerwidget.js (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\content\searchbox.js (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\content\searchbox.xul (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\content\utils.js (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\content\widgichevron.js (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\content\widgicomm.js (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\content\widgihandling.js (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\content\widgilisteners.js (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\content\widgitoolbarplugin.js (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\content\widgitoolbarplugin.xul (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\content\widgiui.js (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\locale\EN-US\searchbox.dtd (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\locale\EN-US\yahoo-search.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\apple.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\barnes.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\bestbuy.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\chevron.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\dealio_logo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\search_ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\search_yahoo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\icon_settings.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\macys.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\newegg.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\search-chevron.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\searchbox.css (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\search_amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\search-chevron-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\content\chevron.js (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\content\chevron.xul (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\barnes.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\search-button.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\dealio_logo_hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\search_dealio.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\bestbuy.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\dealio_logo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\FF\chrome\skin\splitter.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\overstock.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\IE\4.1\config.ini (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\apple.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\search-chevron-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\icon_settings.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\macys.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\search-chevron.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\program files\dealio toolbar\Res\newegg.gif (PUP.Dealio) -> Quarantined and deleted successfully.
      c:\Users\MIMI\downloads\popularscreensavers.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
      c:\programdata\1a415a\pi1a4_289.exe (Rogue.InternetSecuritySuite) -> Quarantined and deleted successfully.
      c:\Users\MIMI\AppData\Roaming\personal internet security 2011\instructions.ini (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully.
      c:\Users\MIMI\AppData\Roaming\microsoft\Windows\start menu\personal internet security 2011.lnk (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully.
      c:\Users\MIMI\Desktop\personal internet security 2011.lnk (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully.
      c:\Users\MIMI\AppData\Roaming\microsoft\Windows\start menu\Programs\personal internet security 2011.lnk (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully.
      c:\Windows\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
      0
  2. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    répond par le bouton vert répondre

    fais ceci stp :

    Nous allons effectuer un diagnostic de ton PC:
    Télécharge ZHPDiag sur ton bureau :

    https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
    ou :
    http://www.premiumorange.com/zeb-help-process/zhpdiag.html
    ou :
    https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/

    ▶ Laisse toi guider lors de l'installation,coche "Ajouter une icône sur le bureau"<gras> et décoche la case <gras>"Exécuter ZHPDiag"

    /!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur »

    ▶ Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
    ▶ Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
    ▶ Héberge le rapport ZHPDiag.txt sur Cijoint, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum :
    http://www.cijoint.fr/
    ou :
    http://ww38.toofiles.com/fr/documents-upload.html

    ▶ Tuto zhpdiag :
    http://www.premiumorange.com/zeb-help-process/zhpdiag.html

    @+
    0
  3. fatima
     
    je n'arrive pas à executer le programme...

    "createProcess a echoué; code 740. L'opération demandée nécessite une élévation"
    0
  4. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Lis tout :)

    /!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur »
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. fatima
     
    voilà! :-D
    alors docteur... :-P

    http://www.cijoint.fr/cjlink.php?file=cj201101/cijsjy63DB.txt
    0
  7. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Huuuuuuummmmmmmm diagnostic très parlant, encore bien infecté :s

    Tu as plusieurs adwares....

    Tu as installé des programmes EoRezo, sais-tu que le service transmet certaines informations ? comme par exemple ton adresse, numéro de télephone qui ont été saisis lors de l'inscription ?
    EoRezo modifie aussi ta page de démarrge vers lo.st, il se peux aussi que ce site transmettent certaines informations.

    Pour plus d'informations se reporter à cette page : https://forum.malekal.com/viewtopic.php?t=18245&start=

    On va éradiquer tout ça :

    Télécharge de AD-Remover sur ton Bureau. (Merci à C_XX)

    http://www.teamxscript.org/adremoverTelechargement.html ( Lien officiel )
    OU
    https://www.androidworld.fr/ ( Miroir )

    /!\ Ferme toutes applications en cours /!\

    ▶ Double-clique sur l'icône Ad-remover située sur ton Bureau.
    ▶ Sur la page, clique sur le bouton « Nettoyer »
    ▶ Confirme lancement du scan
    ▶ Laisse travailler l'outil.
    ▶ Poste le rapport qui apparaît à la fin.

    (Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)

    (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

    @+ (:
    0
  8. fatima
     
    waw! ça fait peur ... Je connaissais pas du tout EoRezo... J'arrive pas à savoir comment il s'est retrouvé dans mon pc

    Bon ben je me remets au travail :-)
    0
  9. fatima
     
    ======= RAPPORT D'AD-REMOVER 2.0.0.2,C | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 22/12/10 à 11:40
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 01:58:45 le 01/01/2011, Mode normal

    Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 1 (X86)
    MIMI@PC-DE-BUREAU (Hewlett-Packard HP Pavilion dv7 Notebook PC)

    ============== ACTION(S) ==============

    Fichier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur OfferBox.lnk
    Dossier supprimé: C:\Users\MIMI\Music\Imesh
    Dossier supprimé: C:\Program Files\Ask.com
    Dossier supprimé: C:\Users\MIMI\AppData\LocalLow\Conduit
    Dossier supprimé: C:\Program Files\Conduit
    Dossier supprimé: C:\Users\MIMI\AppData\LocalLow\Dealio
    Dossier supprimé: C:\Program Files\Application Updater
    Dossier supprimé: C:\Users\MIMI\AppData\LocalLow\Search Settings
    Dossier supprimé: C:\Users\MIMI\AppData\LocalLow\ShopperReports3
    Dossier supprimé: C:\Program Files\Common Files\Spigot
    Dossier supprimé: C:\Users\MIMI\AppData\Roaming\OfferBox
    Dossier supprimé: C:\Program Files\OfferBox
    Dossier supprimé: C:\Program Files\iMesh Applications
    Fichier supprimé: C:\Users\MIMI\Downloads\BandooV6(2).exe
    Fichier supprimé: C:\Users\MIMI\Downloads\BandooV6.exe
    Fichier supprimé: C:\Users\MIMI\Downloads\iMeshV10fr.exe

    (!) -- Fichiers temporaires supprimés.

    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2102473
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2405723
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2542115
    Clé supprimée: HKLM\Software\Application Updater
    Clé supprimée: HKLM\Software\Conduit
    Clé supprimée: HKLM\Software\Search Settings
    Clé supprimée: HKCU\Software\Spointer
    Clé supprimée: HKCU\Software\iMesh
    Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
    Clé supprimée: HKCU\Software\AppDataLow\Software\Dealio
    Clé supprimée: HKCU\Software\AppDataLow\Software\Search Settings
    Clé supprimée: HKLM\Software\Classes\Installer\Products\01B38F1CBEB0f574BB2A2E530BB28962
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\01B38F1CBEB0f574BB2A2E530BB28962
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96E2118A-4E63-4D7B-901C-48B23B89929C}
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{96E2118A-4E63-4D7B-901C-48B23B89929C}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé supprimée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom

    Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
    Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

    ============== SCAN ADDITIONNEL ==============

    ** Internet Explorer Version [8.0.6001.18999] **

    [HKCU\Software\Microsoft\Internet Explorer\Main]
    AutoHide: yes
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\Windows\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/

    [HKLM\Software\Microsoft\Internet Explorer\Main]
    AutoHide: yes
    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Enable Browser Extensions: yes
    Local Page: C:\Windows\System32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    Use Search Asst: no

    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: $ActiveDomain/page/blank/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 90 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 01/01/2011 (4467 Octet(s))

    Fin à: 02:00:28, 01/01/2011

    ============== E.O.F ==============
    0
  10. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Excellent il a bien travaillé AD-Remover, très bien même ;)

    Refais un ZHPDiag à héberger sur cijoint ;)

    @+
    0
  11. fatima
     
    http://www.cijoint.fr/cjlink.php?file=cj201101/cij1kajYVr.txt
    0
  12. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Bon, on va s'occuper de spyhunter que t'as téléchargé :P

    Lis ceci : http://assiste.com.free.fr/p/craptheque/spyhunter.html

    On va le désinstaller :

    ▶ Copie tout le texte présent dans la balise code ci-dessous ( tu le sélectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )

    O42 - Logiciel: SpyHunter - (.Enigma Software Group USA, LLC.) [HKLM] -- {41EBC322-660F-4D16-A0DF-53147210CBDB}     
    
    


    ▶ Puis Lance ZHPFix depuis le raccourci du bureau .

    ▶ Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .

    ▶ Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .

    ▶ Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.

    ▶ Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".

    ▶ Copie/Colle le rapport à l'écran dans ton prochain message

    ▶ (le rapport se trouve aussi dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport.txt)

    accepte la désinstallation bien sur et redémarre ton pc puis refait un zhpdiag tout propre et on supprimera le reste ;)

    @+
    0
  13. fatima
     
    Me laisser pas toute seule avec mon ordinateur "espion". Je lui fais plus confiance :-(
    0
  14. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Je fais la "garde de nuit" ce soir ;)

    m'en fou c'est payé double mouhahaha

    mince on est bénévoles, j'me suis brisé tout seul là \o/ MDR
    0
    1. fatima
       
      loooool! Vous êtes trop fort en plus avec une pointe d'humour!! J'adooore ce site!! :-D
      0
  15. fatima
     
    Voilà le rapport...

    Rapport de ZHPFix 1.12.3233 par Nicolas Coolman, Update du 30/12/2010
    Fichier d'export Registre :
    Run by MIMI at 01/01/2011 02:41:05
    Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)
    Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
    Contact : nicolascoolman@yahoo.fr

    ========== Logiciel(s) ==========
    O42 - Logiciel: SpyHunter - (.Enigma Software Group USA, LLC.) [HKLM] -- {41EBC322-660F-4D16-A0DF-53147210CBDB} => Logiciel supprimé avec succès

    ========== Récapitulatif ==========
    1 : Logiciel(s)

    End of the scan
    0
  16. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    bien redémarre, refais un zhpdiag pour voir :D
    0
  17. fatima
     
    http://www.cijoint.fr/cjlink.php?file=cj201101/cijOZCw4it.txt

    alors? bonne nouvelle?
    0
  18. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    oups dans le script ZHPFix j ai oublié ceci:

    O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Hotspot_Shield\tbHot0.dll
    [HKCU\Software\AppDataLow\Software\Conduit]   

    0
  19. fatima
     
    Rapport de ZHPFix 1.12.3233 par Nicolas Coolman, Update du 30/12/2010
    Fichier d'export Registre : C:\ZHPExportRegistry-01-01-2011-03-02-37.txt
    Run by MIMI at 01/01/2011 03:02:37
    Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)
    Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
    Contact : nicolascoolman@yahoo.fr

    ========== Clé(s) du Registre ==========
    HKCU\Software\3 => Clé supprimée avec succès
    O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} [DefaultScope] - (Web Search) - http://findgala.com/?&uid=289&q={searchTerms} => Clé absente
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}] => Clé supprimée avec succès
    [HKCR\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}] => Clé supprimée avec succès
    HKCU\Software\AppDataLow\Software\Conduit => Clé supprimée avec succès

    ========== Valeur(s) du Registre ==========
    O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Hotspot_Shield\tbHot0.dll => Valeur supprimée avec succès

    ========== Fichier(s) ==========
    c:\program files\hotspot_shield\tbhot0.dll => Supprimé et mis en quarantaine

    ========== Récapitulatif ==========
    5 : Clé(s) du Registre
    1 : Valeur(s) du Registre
    1 : Fichier(s)

    End of the scan
    0
  • 1
  • 2
  • 3