Nettoyage, rapport hijackthis

Résolu
Mikarel1971 Messages postés 51 Statut Membre -  
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

Bonjour, Bonsoir,

Puisque vous etes les meilleurs, et que je suis qu'un apprenti-informaticien, je sollicite votre aide pour me debarasser des bobos sur cet ordi qui appartenait au beau-frere amant de tout ce qui est contagieux sur le net...

Merci d'avance et salutations !

Mikael, de la rive-sud de Montreal au Quebec !!!

Rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:02:17 PM, on 11/18/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/defaultf.aspx?tc=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL
O2 - BHO: Zoom Downloader - {E5C66DD8-308B-4a4f-AF0A-3D04F25B5343} - mscoree.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] c:\program files (x86)\itunes\ituneshelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm (file missing)
O9 - Extra button: Betway.com - 'W - C:\Microgaming\Casino\Betway\casinogame.exe (file missing) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7508 bytes

14 réponses

  1. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Hello le Québec, ici la belgique :p

    Rien de grave :-)

    Télécharge sur cette page: AdwCleaner (de Xplode)

    ▶ Lance-le

    clique sur Suppression et patiente le temps du nettoyage.

    ▶ Poste le contenu du rapport que tu trouveras dans ton disque dur c:\ADwcleaner[Sx].txt ou son contenu s'il s'ouvre.

    .::. Contributeur Sécurité .::.
    0
  2. Mikarel1971 Messages postés 51 Statut Membre 1
     
    Merci beaucoup la Belgique !!
    Voici le contenu :

    # AdwCleaner v2.008 - Logfile created 11/18/2012 at 20:01:36
    # Updated 17/11/2012 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : d - D-PC
    # Boot Mode : Normal
    # Running from : C:\Users\d\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LBUXOHYD\adwcleaner.exe
    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****

    File Found : C:\user.js
    File Found : C:\Users\d\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_home.sweetim.com_0.localstorage
    Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
    Folder Found : C:\Program Files (x86)\Wajam
    Folder Found : C:\ProgramData\Babylon
    Folder Found : C:\ProgramData\boost_interprocess
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\Users\d\Appdata\Local\APN
    Folder Found : C:\Users\d\Appdata\Local\Babylon
    Folder Found : C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
    Folder Found : C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Folder Found : C:\Users\d\Appdata\LocalLow\BabylonToolbar
    Folder Found : C:\Users\d\Appdata\Roaming\Babylon
    Folder Found : C:\Users\d\Appdata\Roaming\OpenCandy

    ***** [Registry] *****

    Key Found : HKCU\Software\Alexa Internet
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Found : HKLM\Software\Babylon
    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\wajam.DLL
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\Software\Freeze.com
    Key Found : HKLM\Software\Iminent
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
    Key Found : HKLM\SOFTWARE\Tarma Installer
    Key Found : HKU\S-1-5-21-2461543870-2843713146-2677231239-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\d\Appdata\Local\Google\Chrome\User data\default\Preferences

    Found [l.446] : homepage = "hxxp://home.sweetim.com/?barid={1E9CA8B0-81E6-11E1-B0A2-4061865F73E7}",

    *************************

    AdwCleaner[R1].txt - [3991 octets] - [18/11/2012 20:01:36]

    ########## EOF - C:\AdwCleaner[R1].txt - [4051 octets] ##########
    0
  3. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Ah ton computer est en anglais ;)

    Fais le Delete avec AdwCleaner :)
    0
  4. Mikarel1971 Messages postés 51 Statut Membre 1
     
    # AdwCleaner v2.008 - Logfile created 11/18/2012 at 22:11:02
    # Updated 17/11/2012 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : d - D-PC
    # Boot Mode : Normal
    # Running from : C:\Users\d\Downloads\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****

    File Deleted : C:\user.js
    File Deleted : C:\Users\d\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_home.sweetim.com_0.localstorage
    Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
    Folder Deleted : C:\Program Files (x86)\Wajam
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\d\Appdata\Local\APN
    Folder Deleted : C:\Users\d\Appdata\Local\Babylon
    Folder Deleted : C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
    Folder Deleted : C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Folder Deleted : C:\Users\d\Appdata\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\d\Appdata\Roaming\Babylon
    Folder Deleted : C:\Users\d\Appdata\Roaming\OpenCandy

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Alexa Internet
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\wajam.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com --> hxxp://www.google.com

    -\\ Mozilla Firefox v16.0.2 (fr)

    Profile name : default
    File : C:\Users\d\Appdata\Roaming\Mozilla\Firefox\Profiles\v2mld4j4.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\d\Appdata\Local\Google\Chrome\User data\default\Preferences

    Deleted [l.446] : homepage = "hxxp://home.sweetim.com/?barid={1E9CA8B0-81E6-11E1-B0A2-4061865F73E7}",

    *************************

    AdwCleaner[R1].txt - [4112 octets] - [18/11/2012 20:01:36]
    AdwCleaner[S1].txt - [4119 octets] - [18/11/2012 22:11:02]

    ########## EOF - C:\AdwCleaner[S1].txt - [4179 octets] ##########
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Hi,

    J'ai été me coucher, il était 3h du matin en Belgique ! ;)

    Avançons :

    ▶ Télécharge et installe Malwarebytes' Anti-Malware (MBAM).

    ▶ Exécute-le. Accepte la mise à jour.

    Uniquement en cas de problème de mise à jour:

    Télécharger mises à jour manuelles MBAM

    ● Exécute le fichier après l'installation de MBAM

    ▶ Sélectionne "Exécuter un examen complet"
    ▶ Clique sur "Rechercher"
    ▶ L'analyse démarre, le scan est relativement long, c'est normal.

    A la fin de l'analyse, un message s'affiche :

    Citation :

    L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

    ▶ Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
    ▶ Ferme tes navigateurs.
    ▶ Si des malwares ont été détectés, clique sur Afficher les résultats.
    ▶ Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
    MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse : ferme le.

    Si MBAM demande à redémarrer le pc : ▶ fais-le.

    Au redémarrage, relance MBAM, onglet "Rapport/Logs", copie/colle celui qui correspond à l'analyse effectuée.
    0
  7. Mikarel1971 Messages postés 51 Statut Membre 1
     
    Re-bonjour-bonsoir,
    et merci encore !!

    voici le rapport :

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.19.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    d :: D-PC [administrator]

    11/19/2012 5:57:00 PM
    mbam-log-2012-11-19 (17-57-00).txt

    Scan type: Full scan (C:\|E:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 364842
    Time elapsed: 41 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MCMPENG.EXE (Security.Hijack) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmpeng.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 8
    C:\Downloads\Windows 7 Loader and Activator\Windows Loader\Windows Loader.exe (PUP.HackTool.H) -> No action taken.
    C:\Program Files (x86)\4zUninstall VideoDownloadConverter.dll (PUP.MyWebSearch) -> No action taken.
    C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zskin.dll (PUP.MyWebSearch) -> No action taken.
    C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zskplay.exe (PUP.MyWebSearch) -> No action taken.
    C:\Downloads\Windows 7 Loader and Activator\7Loader Release 5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Downloads\Windows 7 Loader and Activator\Se7en Activator v3\Se7en Activator v3.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Vee-Software\VeeSee\VeeSee.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\d\Desktop\setup\setup.exe (Rogue.Installer.SFXGen1) -> Quarantined and deleted successfully.

    (end)
    0
  8. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Hi,
    C:\Program Files (x86)\4zUninstall VideoDownloadConverter.dll (PUP.MyWebSearch) -> No action taken.
    C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zskin.dll (PUP.MyWebSearch) -> No action taken.
    C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zskplay.exe (PUP.MyWebSearch) -> No action taken.  


    Pourquoi tu les as pas virés ça ?
    0
  9. Mikarel1971 Messages postés 51 Statut Membre 1
     
    Ouin, je crois qu'ils n'étaient pas cochés.
    Ok je re-scan et efface tout ?
    scan en cours
    0
  10. Mikarel1971 Messages postés 51 Statut Membre 1
     
    ?Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.19.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    d :: D-PC [administrator]

    11/19/2012 7:41:13 PM
    mbam-log-2012-11-19 (19-41-13).txt

    Scan type: Full scan (C:\|E:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 364496
    Time elapsed: 42 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\Downloads\Windows 7 Loader and Activator\Windows Loader\Windows Loader.exe (PUP.HackTool.H) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\4zUninstall VideoDownloadConverter.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zskin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zskplay.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

    (end)
    0
  11. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Hi,

    Voilà qui est mieux ! :-)

    Télécharge ici :OTL

    enregistre le sur ton Bureau.

    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "executer en tant que...."


    sur OTL.exe pour le lancer.

    => Clique ici pour voir la Configuration

    ▶ Copie et colle le contenu de ce qui suit en gras dans la partie inférieure d'OTL "Personnalisation"

    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    /md5stop
    netsvcs
    safebootminimal
    safebootnetwork
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.ini
    %systemroot%\Tasks\*.*
    %systemroot%\system32\Tasks\*.*
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\config\*.exe /s
    %systemroot%\system32\*.sys
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    CREATERESTOREPOINT
    SAVEMBR:0


    ▶ Clic sur Analyse.

    A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

    Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\<Bureau ou Desktop>\OTL.txt)

    ▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)

    heberge OTL.txt et extra.txt sur FEC Upload et donne les liens obtenus en échange
    0
  12. Mikarel1971 Messages postés 51 Statut Membre 1
     
    OTL :
    https://forums-fec.be/upload/www/?a=d&i=6116417332

    Extras :
    https://forums-fec.be/upload/www/?a=d&i=8944682083
    0
  13. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Hello,

    ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !!

    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "executer en tant que...."


    sur OTL.exe pour le lancer.

    ▶Copie la liste qui se trouve en gras ci-dessous,

    ▶ colle-la dans la zone sous "Personnalisation" :

    :OTL
    IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = https://hp.mywebsearch.com/mywebsearch/index.html
    IE - HKU\S-1-5-21-2461543870-2843713146-2677231239-1001\..\SearchScopes\{6922528B-1718-49F9-9375-CE95D79CBE03}: "URL" = http://www.search.ask.com/?l=dis{searchTerms}&locale=en_US&apn_ptnrs=RY&apn_dtid=YYYYYYYYCA&apn_uid
    IE - HKU\S-1-5-21-2461543870-2843713146-2677231239-1001\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = https://hp.mywebsearch.com/mywebsearch/index.html
    IE - HKU\S-1-5-21-2461543870-2843713146-2677231239-1001\..\SearchScopes\{FCDA2DD1-89EB-402B-ADF1-DBE7E684C1AA}: "URL" = http://search.toolbars.alexa.com/?src={referrer:source}&q={searchTerms}
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKU\S-1-5-21-2461543870-2843713146-2677231239-1001\..\Run: [AdobeBridge] File not found
    O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
    O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
    @Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:CDF51F17
    @Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:157E1AD3
    @Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:5FC93B4C

    :Commands
    [EMPTYTEMP]


    ▶ Clique sur "Correction" pour lancer la suppression.

    ▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail apres le redemarrage.

    0
  14. Mikarel1971 Messages postés 51 Statut Membre 1
     
    RE-BONSOIR LA BELGIQUE,
    ENCORE ET TOUJOURS MERCI !! :)

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ not found.
    Registry key HKEY_USERS\S-1-5-21-2461543870-2843713146-2677231239-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6922528B-1718-49F9-9375-CE95D79CBE03}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6922528B-1718-49F9-9375-CE95D79CBE03}\ not found.
    Registry key HKEY_USERS\S-1-5-21-2461543870-2843713146-2677231239-1001\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ not found.
    Registry key HKEY_USERS\S-1-5-21-2461543870-2843713146-2677231239-1001\Software\Microsoft\Internet Explorer\SearchScopes\{FCDA2DD1-89EB-402B-ADF1-DBE7E684C1AA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCDA2DD1-89EB-402B-ADF1-DBE7E684C1AA}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
    Registry value HKEY_USERS\S-1-5-21-2461543870-2843713146-2677231239-1001\\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search the Web\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search the Web\ not found.
    ADS C:\ProgramData\TEMP:CDF51F17 deleted successfully.
    ADS C:\ProgramData\TEMP:157E1AD3 deleted successfully.
    ADS C:\ProgramData\TEMP:5FC93B4C deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: d
    ->Temp folder emptied: 316440 bytes
    ->Temporary Internet Files folder emptied: 26993379 bytes
    ->FireFox cache emptied: 741486 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 506 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56504 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 9386088 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 14681912 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 50.00 mb

    OTL by OldTimer - Version 3.2.69.0 log created on 11212012_180621

    Files\Folders moved on Reboot...
    C:\Users\d\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
    0
  15. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Hello le Québec !
    Quel temps chez vous ?
    Ici froid et humide (4°C).

    Si ton PC est OK, il te reste le ménage final à réaliser : https://forums-fec.be/entraide/viewtopic.php?f=11&t=229

    :-)
    0