alertes de sécurité vista anti malware 2010 ASSEEEEEZZZZ !!

[addd]

Bonjour les pros!

message d'une totalement non pro de l'informatique!

voila....

Depuis hier soir et ma visite sur le site de la redoute (pour vous raconter ma vie!) j'ai de multiples alertes de sécurité vista. Ils me disent que mon PC est gravement infesté et ne proposent que l'achat (à 50 euros pour 6 mois) de l'antivirus vista anti malware 2010.

une fenetre apparait et indique : les détails sont:
attack from: 168.234.129.240 port : 8783
attacked port: 7933
threat: Trojan-Clicker.Win32.Small.kj

je n'ai plus accès à internet

j'ai lu un post similaire sur votre forum et j'ai suivi ce qu'un modérateur a dit: télécharger malwarebytes.org et pour l'instant ce logiciel est en train de scanner mon pc. il en est à 21 éléments infectés

j'en suis la... j'avoue qu'il me faut des indications bien plus guidées pour la suite...

MERCI D'AVANCE

[addd]

ah un nouveau truc:

j'ai mac affee sur mon pc

il vient de me dire qu'il a détecté ça:

C:/user/Adeline/AppData/local/Temp/jar_cache36299521567726085.tmn
(je ne sais pas faire les barres inclinées dans l'autre sens ...sorry!)

???????????

je suis perdue!!

[addd]

malewarebytes a terminé.

j'ai supprimé tous les fichiers sélectionnés.

voila le rapport ... attention c'est long!

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3886
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

20/03/2010 09:15:36
mbam-log-2010-03-20 (09-15-36).txt

Type de recherche: Examen rapide
Eléments examinés: 103614
Temps écoulé: 49 minute(s), 10 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 18
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 21

Processus mémoire infecté(s):
C:\Users\Adeline\AppData\Local\ave.exe (Rogue.MultipleAV) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (Adware.MyWebSearch) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\mysearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{014da6c0-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{014da6ca-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{014da6cc-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fac94900-96d9-47fa-ba33-7ef1bbfbbcec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mysearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Search Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.FakeAlert.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Delete on reboot.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Adeline\AppData\Local\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Adeline\AppData\Local\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Adeline\AppData\Local\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\MySearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MySearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MySearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\Windows\System32\wuaucldt.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\S4FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\S4FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\S4NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\S4NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\S4PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\00011F23 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\003D0676.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\003D0879.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Adeline\AppData\Local\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Users\Adeline\Local Settings\Application Data\av.exe (ROGUE.Win7Antispyware2010) -> Quarantined and deleted successfully.
C:\Users\Adeline\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Adeline\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Adeline\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Users\Adeline\AppData\Local\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
c:\Users\Adeline\wuaucldt.exe (Trojan.Agent) -> Delete on reboot.

[addd]

en redémarrant mon pc...

plus d'alertes sécurité ouf...

EST CE QUE CA VEUT DIRE QUE J'AI TOUT BIEN FAIT ?????

Merci de vos conseils!

[bernard53]

Bonjour

Tu as bien fait de valider les suppressions.

fait ceci en plus.

Télécharge Navilog1 :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.

Fais un clic-droit sur le Navilog1.exe présent sur ton bureau et choisis :
"Exécuter en tant qu'administrateur". C'est impératif : "Pour Vista et Seven seulement"

Au menu principal, Fais le choix "1"
Laisse toi guider et patiente.
De nouveau choisis 1
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche le blocnote va s'ouvrir.

Copie-colle l'intégralité du rapport dans ta réponse.
Referme le blocnote.
Note : Il sera enregistré sous C:\cleannavi.txt


et ceci après pour contrôle s.t.p

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau:

Double clique sur RSIT.exe qui se trouve sur ton bureau pour le lancer:
Pour VISTA :
Clic-droit et choisis "Exécuter en tant qu'administrateur".
Ensuite :
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Le rapport va se créer. Pour le mettre sur le forum.

Tout sélectionner : CRTL+ A
Tout copier : CRTL+ C
Tout coller : CRTL+ V

Vous pouvez, une fois posté, le fermer. Ce rapport s’appelle.log.txt

Le rapport est sauvegardé à la racine du disque: C:\rsit\info.txt et C:\rsit\log.txt