Virus gendarmerie HELP!!!!!
kiks9508
Messages postés
11
Statut
Membre
-
roro04 Messages postés 1200 Statut Contributeur -
roro04 Messages postés 1200 Statut Contributeur -
Bonjour mon ordi est infecte par le virus gendarmerie j'ai regarde sur plusieurs site pour une solution mais je n'y comprends rien je suis vraiment nul en informatique svp de l'aide je suis sous windows 7 familiale d'avance merci
A voir également:
- Virus gendarmerie HELP!!!!!
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
6 réponses
kiks9508
Merci roro de me repondre et non je n'avais acces a rien du tout quand j'ouvrais ma session la page du virus apparaisait tout de suite a apres et depuis que j'avais poste le message je n'avais pa rallume mon ordi et hier il a fonctionne sans ce maudit virus peut etre est t'il parti.
roro04
Messages postés
1200
Statut
Contributeur
179
On va quand même vérifier
Re,
De rien, on continue
> Télécharges RansomFix (de Xplode] sur ton bureau.
> Lances-le (Clique droit/Exécuter en tant qu'administrateur pour Vista/7)
> Rien ne va apparaitre, c'est normal.
> Poste le rapport situé sous C:\RansomFix_XXXX.txt
Refais un ZHPDiag
++
De rien, on continue
> Télécharges RansomFix (de Xplode] sur ton bureau.
> Lances-le (Clique droit/Exécuter en tant qu'administrateur pour Vista/7)
> Rien ne va apparaitre, c'est normal.
> Poste le rapport situé sous C:\RansomFix_XXXX.txt
Refais un ZHPDiag
++
et voila le scan zhp diag que tu m'a dis de faire apres ransom fix https://www.cjoint.com/?BDetn0fFRwM
Re,
> Télécharges ZHPDiag (de Nicolas coolman) sur ton bureau.
> Un fois le téléchargement terminé, double cliques sur ZHPDiag.exe et suis les instructions d'installation. (Clique droit/Exécuter en tant qu'administrateur pour Vista/7).
> Coches la case Créer une îcone sur le bureau lors de l'installation.
> A la fin de l'installation, ZHPDiag va se lancer tout seul.
> Cliques sur l'icône représentant une loupe.
> En fin de scan, enregistres le rapport sur ton Bureau. Pour cela, clique sur l'îcone représentant une disquette.
> Héberge le rapport sur Cjoint puis copie/colle le lien fourni dans ta prochaine réponse sur le forum.
++
> Télécharges ZHPDiag (de Nicolas coolman) sur ton bureau.
> Un fois le téléchargement terminé, double cliques sur ZHPDiag.exe et suis les instructions d'installation. (Clique droit/Exécuter en tant qu'administrateur pour Vista/7).
> Coches la case Créer une îcone sur le bureau lors de l'installation.
> A la fin de l'installation, ZHPDiag va se lancer tout seul.
> Cliques sur l'icône représentant une loupe.
> En fin de scan, enregistres le rapport sur ton Bureau. Pour cela, clique sur l'îcone représentant une disquette.
> Héberge le rapport sur Cjoint puis copie/colle le lien fourni dans ta prochaine réponse sur le forum.
++
Re,
Ton pc est très infecté
On va rechercher si des adwares sont présants sur ton PC
> Télécharges AdwCleaner (de Xplode) sur ton bureau.
> Lance-le (Clique droit/Exécuter en tant qu'administrateur pour Vista/7)
> Clique sur Suppression
> Patiente le temps du scan.
> Poste le rapport qui apparait à la fin.
> Clique sur Quitter
++
Ton pc est très infecté
On va rechercher si des adwares sont présants sur ton PC
> Télécharges AdwCleaner (de Xplode) sur ton bureau.
> Lance-le (Clique droit/Exécuter en tant qu'administrateur pour Vista/7)
> Clique sur Suppression
> Patiente le temps du scan.
> Poste le rapport qui apparait à la fin.
> Clique sur Quitter
++
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Re,
> Clique sur l'icône ZHPFix présente sur ton bureau. (Clique droit/Exécuter en tant qu'administrateur pour Vista/7)
> Clique sur le H bleu.
> Copie/Colle le texte en gras ci-dessous.
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
O43 - CFD: 21/12/2010 - 00:43:36 - [15,089] --H-D- C:\ProgramData\{D8629CB4-484E-4AEC-AC8A-800083A44FF2}
O43 - CFD: 08/01/2011 - 22:28:08 - [1,963] ----D- C:\Users\Florent\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
O44 - LFC:[MD5.2E1BA74B27D9625B7A87BD63444E7D6C] - 04/04/2012 - 17:59:24 ---A- . (...) -- C:\RansomFix_04042012_1859.txt [403]
O44 - LFC:[MD5.AA79366F37DB9183EA5C5BB417C8E0F8] - 04/04/2012 - 17:58:30 ---A- . (...) -- C:\RansomFix_04042012_1858.txt [806]
O44 - LFC:[MD5.1E050836201088FB7A07CF74545F49BD] - 04/04/2012 - 17:14:37 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [61]
O69 - SBI: SearchScopes [HKCU] {50DA66ED-40A2-41D3-9989-E2450E3A3D00} - (SearchYa!) - https://fr.yahoo.com/?p=us
[MD5.061D51A9A1E3D9534466040D7BD5C954] [SPRF][22/12/2011] (...) -- C:\Users\Florent\AppData\Local\Temp\00113142ShellExt.dll [211600]
[MD5.D2810E3DD4B60AB05FE7C29A50921EFA] [SPRF][04/03/2012] (...) -- C:\Users\Florent\AppData\Local\Temp\ins9CBE.tmp.exe [939698]
[MD5.8BD8262968C56FFC258BEC4F905B0496] [SPRF][04/04/2012] (...) -- C:\Users\Florent\AppData\Local\Temp\Uninst.bat [492]
O2 - BHO: Barre d'outils ALOT Helper [64Bits] - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} . (.Vertro - alot.dll.) -- C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll => Infection BT (AdWare.Comet)
O2 - BHO: MediaBar [64Bits] - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} . (.Pas de propriétaire - MediaBar Link Library.) -- C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll => Infection PUP (PUP.iMesh)
O4 - HKLM\..\Wow6432Node\Run: [BabylonToolbar] C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (.not file.) => Infection BT (Toolbar.Babylon)
O4 - Global Startup: C:\Users\Florent\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk . (.iMesh, Inc.) -- C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe => Infection PUP (PUP.iMesh)
O20 - AppInit_DLLs: . (...) - C:\Program Files\WI3C8A~1\Datamngr\x64\datamngr.dll (.not file.) => Infection BT (Adware.Bandoo)
O42 - Logiciel: Barre d'outils ALOT - (.ALOT.) [HKLM] -- alotToolbar => Infection BT (AdWare.Comet)
O42 - Logiciel: Windows iLivid Toolbar - (.Bandoo Media, Inc.) [HKLM] -- Windows Searchqu Toolbar => Infection BT (Adware.Bandoo)
O42 - Logiciel: iMesh - (.iMesh Inc..) [HKLM] -- iMesh => Infection PUP (PUP.iMesh)
O42 - Logiciel: iMesh - (.iMesh Inc..) [HKLM] -- {8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763} => Infection PUP (PUP.iMesh)
[HKCU\Software\AppDataLow\Software\alot] => Infection BT (AdWare.Comet)
[HKCU\Software\AppDataLow\Software\imeshmediabartb] => Infection PUP (PUP.iMesh)
[HKCU\Software\iMesh] => Infection PUP (PUP.iMesh)
[HKLM\Software\iMeshMediabarTb] => Infection PUP (PUP.iMesh)
O43 - CFD: 13/06/2011 - 22:24:36 - [0,003] ----D- C:\ProgramData\22259
O43 - CFD: 21/12/2010 - 00:37:18 - [0,086] ----D- C:\ProgramData\iMesh => Infection PUP (PUP.iMesh)
O43 - CFD: 04/03/2012 - 00:44:24 - [0,985] ----D- C:\Users\Florent\AppData\Roaming\Iminent => Infection PUP (Adware.IMBooster)
O43 - CFD: 04/11/2011 - 14:10:24 - [3,731] ----D- C:\Users\Florent\AppData\Local\Babylon => Infection BT (Toolbar.Babylon)
O43 - CFD: 29/12/2011 - 20:43:08 - [0,014] ----D- C:\Users\Florent\AppData\Local\Ilivid Player => Infection BT (Adware.Bandoo)
O43 - CFD: 01/04/2011 - 18:33:00 - [176,681] ----D- C:\Users\Florent\AppData\Local\iMesh => Infection PUP (PUP.iMesh)
O43 - CFD: 10/03/2011 - 17:15:22 - [1,778] ----D- C:\Program Files (x86)\alot => Infection BT (AdWare.Comet)
O43 - CFD: 29/12/2011 - 20:50:04 - [34,213] ----D- C:\Program Files (x86)\iLivid => Infection BT (Adware.Bandoo)
O43 - CFD: 21/12/2010 - 00:43:34 - [43,193] ----D- C:\Program Files (x86)\iMesh Applications => Infection PUP (PUP.iMesh)
O69 - SBI: SearchScopes [HKCU] {5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} - (ALOT Search) - https://search.alot.com/ => Infection BT (AdWare.Comet)
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} - (Web Search) - http://search.imesh.net/ => Infection BT (Adware.Bandoo)
O87 - FAEL: "{DEE50331-3E5B-48FE-8588-2CC9F140E292}" | In - Domain - P6 - TRUE | .(.iMesh, Inc - iMesh.) -- C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe => Infection PUP (PUP.iMesh)
O87 - FAEL: "{4FA281EA-9FB1-47F6-9E21-B05224651F5B}" | In - Domain - P17 - TRUE | .(.iMesh, Inc - iMesh.) -- C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe => Infection PUP (PUP.iMesh)
O87 - FAEL: "{26999883-4827-45F5-ACAB-378CD58B517B}" | In - Private - P6 - TRUE | .(.iMesh, Inc - iMesh.) -- C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe => Infection PUP (PUP.iMesh)
O87 - FAEL: "{39223D44-3C0B-40C0-9CDC-D3B47B66F92C}" | In - Private - P17 - TRUE | .(.iMesh, Inc - iMesh.) -- C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe => Infection PUP (PUP.iMesh)
O87 - FAEL: "{1A72C634-03B7-49AC-BC8E-63F07C66D095}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) => Infection BT (Adware.Bandoo)
O87 - FAEL: "{376B601E-2ED6-4889-917F-8FE984FF993D}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) => Infection BT (Adware.Bandoo)
O87 - FAEL: "{46E96CE5-C629-4C4B-AFAD-07EFC61946DD}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.exe (.not file.) => Infection PUP (Adware.IMBooster)
O87 - FAEL: "{8C509730-CCF8-47F6-A876-89C8297AD778}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (.not file.) => Infection PUP (Adware.IMBooster)
[HKLM\Software\WOW6432Node\Classes\AppID\DiscoveryHelper.DLL]
[HKLM\Software\WOW6432Node\Classes\AppID\GIFAnimator.DLL]
[HKLM\Software\WOW6432Node\Classes\AppID\iMesh.exe]
[HKLM\Software\WOW6432Node\Classes\AppID\IMTrProgress.DLL]
[HKLM\Software\WOW6432Node\Classes\AppID\IMWeb.DLL]
[HKLM\Software\WOW6432Node\Classes\AppID\WMHelper.DLL]
[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4e42-A125-57C0A11DBCDE}]
[HKLM\Software\WOW6432Node\Classes\AppID\{1fc41815-fa4c-4f8b-b143-2c045c8ea2fc}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}] => Infection PUP (PUP.iMesh)
[HKLM\Software\Classes\TypeLib\{252c2315-cce0-4446-8da7-c00292a690ba}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39}] => Infection PUP (BearShare)
[HKLM\Software\WOW6432Node\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}] => Infection PUP (BearShare)
[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28D35620-51D9-11DE-9D13-2DB156D89593}] => Infection PUP (PUP.iMesh)
[HKLM\Software\Classes\TypeLib\{2D77AC8A-0A4C-40D0-9557-51907A575E45}]
[HKLM\Software\WOW6432Node\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}] => Infection PUP (BearShare)
[HKLM\Software\WOW6432Node\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}] => Infection PUP (BearShare)
[HKLM\Software\WOW6432Node\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}] => Infection PUP (PUP.iMesh)
[HKLM\Software\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}] => Infection PUP (BearShare)
[HKLM\Software\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}] => Infection PUP (PUP.iMesh)
[HKLM\Software\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287}] => Infection PUP (BearShare)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}] => Infection BT (AdWare.Comet)
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}] => Infection BT (AdWare.Comet)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}] => Infection BT (AdWare.Comet)
[HKLM\Software\WOW6432Node\Classes\CLSID\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}] => Infection BT (AdWare.Comet)
[HKLM\Software\WOW6432Node\Classes\AppID\{5e50ae1d-bc76-418b-94c4-efeac0cef80c}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1}] => Infection PUP (BearShare)
[HKLM\Software\WOW6432Node\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE}] => Infection PUP (BearShare)
[HKLM\Software\WOW6432Node\Classes\CLSID\{69d3f709-9de2-479f-980f-532d46895703}] => Infection BT (Adware.BHO)
[HKLM\Software\WOW6432Node\Classes\Interface\{69d3f709-9de2-479f-980f-532d46895703}] => Infection BT (Adware.BHO)
[HKLM\Software\WOW6432Node\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}] => Infection PUP (PUP.iMesh)
[HKLM\Software\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}] => Infection PUP (BearShare)
[HKLM\Software\WOW6432Node\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}] => Infection PUP (BearShare)
[HKLM\Software\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}] => Infection PUP (PUP.iMesh)
[HKLM\Software\Classes\TypeLib\{85672EDB-2CC8-40B9-A9E8-77D3478F2EFB}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\AppID\{969D2C61-9B16-407c-86B7-397BF4579BE6}] => Infection PUP (PUP.iMesh)
[HKLM\Software\Classes\TypeLib\{969D2C61-9B16-407c-86B7-397BF4579BE6}] => Infection PUP (PUP.iMesh)
[HKLM\Software\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}] => Infection PUP (PUP.BearShare)
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2a59}]
[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2a59}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] => Infection PUP (Adware.IMBooster)
[HKLM\Software\WOW6432Node\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}] => Infection PUP (PUP.BearShare)
[HKLM\Software\WOW6432Node\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}] => Infection PUP (PUP.BearShare)
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}] => Infection PUP (PUP.BearShare)
[HKLM\Software\WOW6432Node\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205}] => Infection PUP (BearShare)
[HKLM\Software\WOW6432Node\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D}] => Infection PUP (PUP.BearShare)
[HKLM\Software\WOW6432Node\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB}] => Infection PUP (PUP.BearShare)
[HKLM\Software\WOW6432Node\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6}] => Infection PUP (PUP.BearShare)
[HKLM\Software\Classes\TypeLib\{ec96f516-51b2-4b46-8451-8665f5a6ba2b}] => Infection BT (Adware.BHO)
[HKLM\Software\Classes\TypeLib\{f07fbd3e-2048-44a4-9065-71bf551e2672}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\CLSID\{F8AB43ED-EC88-4de7-B213-F89157D29C62}] => Infection PUP (PUP.iMesh)
[HKCU\Software\iMesh] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\iMesh] => Infection PUP (PUP.iMesh)
[HKCU\Software\AppDataLow\Software\iMeshMediabarTB] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\iMeshMediabarTB] => Infection PUP (PUP.iMesh)
C:\ProgramData\iMesh => Infection PUP (PUP.iMesh)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh => Infection PUP (PUP.iMesh)
C:\Users\Florent\AppData\Roaming\Iminent => Infection PUP (Adware.IMBooster)
C:\Users\Florent\AppData\Local\Babylon => Infection BT (Toolbar.Babylon)
C:\Users\Florent\AppData\Local\iMesh => Infection PUP (PUP.iMesh)
C:\Users\Florent\AppData\LocalLow\alot => Infection BT (AdWare.Comet)
C:\Users\Florent\AppData\LocalLow\iMeshMediabarTb => Infection PUP (PUP.iMesh)
C:\Users\Florent\AppData\LocalLow\searchqutoolbar => Infection PUP (Adware.Bandoo)
C:\Program Files (x86)\alot => Infection BT (AdWare.Comet)
C:\Program Files (x86)\iMesh Applications => Infection PUP (PUP.iMesh)
R3 - URLSearchHook: Softonic_France Toolbar [64Bits] - {4daac69c-cba7-45e2-9bc8-1044483d3352} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.2.4) -- C:\Program Files (x86)\Softonic_France\tbSof0.dll
R3 - URLSearchHook: MessengerPlusLive France TB Toolbar [64Bits] - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) (5, 7, 2, 2) -- C:\Program Files (x86)\MessengerPlusLive_France_TB\tbMess.dll
R3 - URLSearchHook: Softonic_France Toolbar [64Bits] - {4daac69c-cba7-45e2-9bc8-1044483d3352} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.2.4) -- C:\Program Files (x86)\Softonic_France\tbSof0.dll
R3 - URLSearchHook: MessengerPlusLive France TB Toolbar [64Bits] - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) (5, 7, 2, 2) -- C:\Program Files (x86)\MessengerPlusLive_France_TB\tbMess.dll
R3 - URLSearchHook: (no name) [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (...) (No version) -- (.not file.) => Toolbar.Conduit
O2 - BHO: Softonic_France Toolbar [64Bits] - {4daac69c-cba7-45e2-9bc8-1044483d3352} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\Softonic_France\tbSof0.dll
O2 - BHO: MessengerPlusLive France TB Toolbar [64Bits] - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\MessengerPlusLive_France_TB\tbMess.dll
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files (x86)\Ask.com\UpdateTask.exe (.not file.) => Toolbar.Ask
O42 - Logiciel: MessengerPlusLive France TB Toolbar - (.MessengerPlusLive France TB.) [HKLM] -- MessengerPlusLive_France_TB Toolbar => Toolbar.Conduit
O42 - Logiciel: Softonic_France Toolbar - (.Softonic_France.) [HKLM] -- Softonic_France Toolbar => Toolbar.Conduit
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 3.9 - (.SweetIM Technologies Ltd..) [HKLM] -- {A6CC2CA2-2779-4F10-88BF-A3C9EB874C24} => SweetIM Toolbar
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] => Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\MessengerPlusLive_France_TB] => Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\Softonic_France] => Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\uTorrentBar_FR] => Toolbar.Conduit
[HKLM\Software\MessengerPlusLive_France_TB] => Toolbar.Conduit
[HKLM\Software\Softonic_France] => Toolbar.Conduit
O43 - CFD: 12/09/2010 - 20:28:12 - [0,740] ----D- C:\Users\Florent\AppData\Local\AskToolbar => Toolbar.Ask
O43 - CFD: 26/02/2012 - 14:11:14 - [0,063] ----D- C:\Users\Florent\AppData\Local\Conduit => Toolbar.Conduit
O43 - CFD: 12/09/2010 - 19:58:10 - [2,808] ----D- C:\Program Files (x86)\MessengerPlusLive_France_TB => Toolbar.Conduit
O43 - CFD: 12/12/2010 - 13:57:24 - [9,825] ----D- C:\Program Files (x86)\Softonic_France => Toolbar.Conduit
[HKLM\Software\WOW6432Node\Classes\AppID\Launcher.EXE]
[HKLM\Software\WOW6432Node\Classes\AppID\NCTAudioCDGrabber2.DLL]
[HKLM\Software\WOW6432Node\Classes\AppID\NCTAudioCompress3.DLL]
[HKLM\Software\WOW6432Node\Classes\AppID\NCTAudioFile3.DLL]
[HKLM\Software\WOW6432Node\Classes\AppID\NCTAudioFileWMA3.DLL]
[HKLM\Software\WOW6432Node\Classes\AppID\NCTAudioFormatSettings3.DLL]
[HKLM\Software\WOW6432Node\Classes\CLSID\{01AD9322-02FF-4f4f-AC52-92FDA5AE65F0}] => PUP.BearShare
[HKLM\Software\WOW6432Node\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}] => Toolbar.BearShare
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}] => Toolbar.Agent
[HKLM\Software\WOW6432Node\Classes\CLSID\{148132E6-626D-4A5E-8063-A761EB29A50B}] => Toolbar.BearShare
[HKLM\Software\WOW6432Node\Classes\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72}] => Toolbar.BearShare
[HKLM\Software\WOW6432Node\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}] => Toolbar.BearShare
[HKLM\Software\WOW6432Node\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}] => Toolbar.BearShare
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4daac69c-cba7-45e2-9bc8-1044483d3352}] => Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4daac69c-cba7-45e2-9bc8-1044483d3352}] => Toolbar.Conduit
[HKLM\Software\WOW6432Node\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}] => Toolbar.Conduit
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}] => Toolbar.Conduit
[HKLM\Software\WOW6432Node\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}] => Toolbar.BearShare
[HKLM\Software\WOW6432Node\Classes\CLSID\{5D9E7BE9-95E5-4392-8CD2-D82DE89589ED}] => PUP.BearShare
[HKLM\Software\WOW6432Node\Classes\CLSID\{6BC38BF4-E84D-46E1-920B-42D31AEA617E}] => Toolbar.Agent
[HKLM\Software\WOW6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] => AVG Security Toolbar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b9e20919-fa55-471f-989b-b107bf8de785}] => Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b9e20919-fa55-471f-989b-b107bf8de785}] => Toolbar.Conduit
[HKLM\Software\WOW6432Node\Classes\CLSID\{b9e20919-fa55-471f-989b-b107bf8de785}] => Toolbar.Conduit
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b9e20919-fa55-471f-989b-b107bf8de785}] => Toolbar.Conduit
[HKLM\Software\WOW6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}] => Toolbar.BarsShare
[HKLM\Software\WOW6432Node\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}] => Toolbar.BearShare
[HKLM\Software\WOW6432Node\Classes\CLSID\{D8BFC514-1135-4393-B09A-193D2AAC5037}] => Toolbar.BearShare
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}] => Toolbar.Facemoods
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] => Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\MessengerPlusLive_France_TB] => Toolbar.Conduit
[HKLM\Software\WOW6432Node\MessengerPlusLive_France_TB] => Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\Softonic_France] => Toolbar.Conduit
[HKLM\Software\WOW6432Node\Softonic_France] => Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\uTorrentBar_FR] => Toolbar.Conduit
C:\Users\Florent\AppData\Local\AskToolbar => Toolbar.Ask
C:\Users\Florent\AppData\Local\Conduit => Toolbar.Conduit
C:\Users\Florent\AppData\LocalLow\facemoods.com => Toolbar.Facemoods
C:\Users\Florent\AppData\LocalLow\MessengerPlusLive_France_TB => Toolbar.Conduit
C:\Users\Florent\AppData\LocalLow\Softonic_France => Toolbar.Conduit
C:\Users\Florent\AppData\LocalLow\SweetIM => SweetIM Toolbar
C:\Users\Florent\AppData\LocalLow\uTorrentBar_FR => Toolbar.Conduit
C:\Program Files (x86)\MessengerPlusLive_France_TB => Toolbar.Conduit
C:\Program Files (x86)\Softonic_France => Toolbar.Conduit
C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar
> Clique sur OK puis sur Tous.
> Clique sur Nettoyer.
> Poste le rapport qui s'affiche.
++
Vive l'informatique et la sécurité informatique. Tout le monde a droit à de l'aide pour désinfecter son PC.
> Clique sur l'icône ZHPFix présente sur ton bureau. (Clique droit/Exécuter en tant qu'administrateur pour Vista/7)
> Clique sur le H bleu.
> Copie/Colle le texte en gras ci-dessous.
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
O43 - CFD: 21/12/2010 - 00:43:36 - [15,089] --H-D- C:\ProgramData\{D8629CB4-484E-4AEC-AC8A-800083A44FF2}
O43 - CFD: 08/01/2011 - 22:28:08 - [1,963] ----D- C:\Users\Florent\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
O44 - LFC:[MD5.2E1BA74B27D9625B7A87BD63444E7D6C] - 04/04/2012 - 17:59:24 ---A- . (...) -- C:\RansomFix_04042012_1859.txt [403]
O44 - LFC:[MD5.AA79366F37DB9183EA5C5BB417C8E0F8] - 04/04/2012 - 17:58:30 ---A- . (...) -- C:\RansomFix_04042012_1858.txt [806]
O44 - LFC:[MD5.1E050836201088FB7A07CF74545F49BD] - 04/04/2012 - 17:14:37 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [61]
O69 - SBI: SearchScopes [HKCU] {50DA66ED-40A2-41D3-9989-E2450E3A3D00} - (SearchYa!) - https://fr.yahoo.com/?p=us
[MD5.061D51A9A1E3D9534466040D7BD5C954] [SPRF][22/12/2011] (...) -- C:\Users\Florent\AppData\Local\Temp\00113142ShellExt.dll [211600]
[MD5.D2810E3DD4B60AB05FE7C29A50921EFA] [SPRF][04/03/2012] (...) -- C:\Users\Florent\AppData\Local\Temp\ins9CBE.tmp.exe [939698]
[MD5.8BD8262968C56FFC258BEC4F905B0496] [SPRF][04/04/2012] (...) -- C:\Users\Florent\AppData\Local\Temp\Uninst.bat [492]
O2 - BHO: Barre d'outils ALOT Helper [64Bits] - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} . (.Vertro - alot.dll.) -- C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll => Infection BT (AdWare.Comet)
O2 - BHO: MediaBar [64Bits] - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} . (.Pas de propriétaire - MediaBar Link Library.) -- C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll => Infection PUP (PUP.iMesh)
O4 - HKLM\..\Wow6432Node\Run: [BabylonToolbar] C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (.not file.) => Infection BT (Toolbar.Babylon)
O4 - Global Startup: C:\Users\Florent\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk . (.iMesh, Inc.) -- C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe => Infection PUP (PUP.iMesh)
O20 - AppInit_DLLs: . (...) - C:\Program Files\WI3C8A~1\Datamngr\x64\datamngr.dll (.not file.) => Infection BT (Adware.Bandoo)
O42 - Logiciel: Barre d'outils ALOT - (.ALOT.) [HKLM] -- alotToolbar => Infection BT (AdWare.Comet)
O42 - Logiciel: Windows iLivid Toolbar - (.Bandoo Media, Inc.) [HKLM] -- Windows Searchqu Toolbar => Infection BT (Adware.Bandoo)
O42 - Logiciel: iMesh - (.iMesh Inc..) [HKLM] -- iMesh => Infection PUP (PUP.iMesh)
O42 - Logiciel: iMesh - (.iMesh Inc..) [HKLM] -- {8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763} => Infection PUP (PUP.iMesh)
[HKCU\Software\AppDataLow\Software\alot] => Infection BT (AdWare.Comet)
[HKCU\Software\AppDataLow\Software\imeshmediabartb] => Infection PUP (PUP.iMesh)
[HKCU\Software\iMesh] => Infection PUP (PUP.iMesh)
[HKLM\Software\iMeshMediabarTb] => Infection PUP (PUP.iMesh)
O43 - CFD: 13/06/2011 - 22:24:36 - [0,003] ----D- C:\ProgramData\22259
O43 - CFD: 21/12/2010 - 00:37:18 - [0,086] ----D- C:\ProgramData\iMesh => Infection PUP (PUP.iMesh)
O43 - CFD: 04/03/2012 - 00:44:24 - [0,985] ----D- C:\Users\Florent\AppData\Roaming\Iminent => Infection PUP (Adware.IMBooster)
O43 - CFD: 04/11/2011 - 14:10:24 - [3,731] ----D- C:\Users\Florent\AppData\Local\Babylon => Infection BT (Toolbar.Babylon)
O43 - CFD: 29/12/2011 - 20:43:08 - [0,014] ----D- C:\Users\Florent\AppData\Local\Ilivid Player => Infection BT (Adware.Bandoo)
O43 - CFD: 01/04/2011 - 18:33:00 - [176,681] ----D- C:\Users\Florent\AppData\Local\iMesh => Infection PUP (PUP.iMesh)
O43 - CFD: 10/03/2011 - 17:15:22 - [1,778] ----D- C:\Program Files (x86)\alot => Infection BT (AdWare.Comet)
O43 - CFD: 29/12/2011 - 20:50:04 - [34,213] ----D- C:\Program Files (x86)\iLivid => Infection BT (Adware.Bandoo)
O43 - CFD: 21/12/2010 - 00:43:34 - [43,193] ----D- C:\Program Files (x86)\iMesh Applications => Infection PUP (PUP.iMesh)
O69 - SBI: SearchScopes [HKCU] {5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} - (ALOT Search) - https://search.alot.com/ => Infection BT (AdWare.Comet)
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} - (Web Search) - http://search.imesh.net/ => Infection BT (Adware.Bandoo)
O87 - FAEL: "{DEE50331-3E5B-48FE-8588-2CC9F140E292}" | In - Domain - P6 - TRUE | .(.iMesh, Inc - iMesh.) -- C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe => Infection PUP (PUP.iMesh)
O87 - FAEL: "{4FA281EA-9FB1-47F6-9E21-B05224651F5B}" | In - Domain - P17 - TRUE | .(.iMesh, Inc - iMesh.) -- C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe => Infection PUP (PUP.iMesh)
O87 - FAEL: "{26999883-4827-45F5-ACAB-378CD58B517B}" | In - Private - P6 - TRUE | .(.iMesh, Inc - iMesh.) -- C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe => Infection PUP (PUP.iMesh)
O87 - FAEL: "{39223D44-3C0B-40C0-9CDC-D3B47B66F92C}" | In - Private - P17 - TRUE | .(.iMesh, Inc - iMesh.) -- C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe => Infection PUP (PUP.iMesh)
O87 - FAEL: "{1A72C634-03B7-49AC-BC8E-63F07C66D095}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) => Infection BT (Adware.Bandoo)
O87 - FAEL: "{376B601E-2ED6-4889-917F-8FE984FF993D}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) => Infection BT (Adware.Bandoo)
O87 - FAEL: "{46E96CE5-C629-4C4B-AFAD-07EFC61946DD}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.exe (.not file.) => Infection PUP (Adware.IMBooster)
O87 - FAEL: "{8C509730-CCF8-47F6-A876-89C8297AD778}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (.not file.) => Infection PUP (Adware.IMBooster)
[HKLM\Software\WOW6432Node\Classes\AppID\DiscoveryHelper.DLL]
[HKLM\Software\WOW6432Node\Classes\AppID\GIFAnimator.DLL]
[HKLM\Software\WOW6432Node\Classes\AppID\iMesh.exe]
[HKLM\Software\WOW6432Node\Classes\AppID\IMTrProgress.DLL]
[HKLM\Software\WOW6432Node\Classes\AppID\IMWeb.DLL]
[HKLM\Software\WOW6432Node\Classes\AppID\WMHelper.DLL]
[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4e42-A125-57C0A11DBCDE}]
[HKLM\Software\WOW6432Node\Classes\AppID\{1fc41815-fa4c-4f8b-b143-2c045c8ea2fc}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}] => Infection PUP (PUP.iMesh)
[HKLM\Software\Classes\TypeLib\{252c2315-cce0-4446-8da7-c00292a690ba}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39}] => Infection PUP (BearShare)
[HKLM\Software\WOW6432Node\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}] => Infection PUP (BearShare)
[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28D35620-51D9-11DE-9D13-2DB156D89593}] => Infection PUP (PUP.iMesh)
[HKLM\Software\Classes\TypeLib\{2D77AC8A-0A4C-40D0-9557-51907A575E45}]
[HKLM\Software\WOW6432Node\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}] => Infection PUP (BearShare)
[HKLM\Software\WOW6432Node\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}] => Infection PUP (BearShare)
[HKLM\Software\WOW6432Node\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}] => Infection PUP (PUP.iMesh)
[HKLM\Software\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}] => Infection PUP (BearShare)
[HKLM\Software\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}] => Infection PUP (PUP.iMesh)
[HKLM\Software\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287}] => Infection PUP (BearShare)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}] => Infection BT (AdWare.Comet)
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}] => Infection BT (AdWare.Comet)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}] => Infection BT (AdWare.Comet)
[HKLM\Software\WOW6432Node\Classes\CLSID\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}] => Infection BT (AdWare.Comet)
[HKLM\Software\WOW6432Node\Classes\AppID\{5e50ae1d-bc76-418b-94c4-efeac0cef80c}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1}] => Infection PUP (BearShare)
[HKLM\Software\WOW6432Node\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE}] => Infection PUP (BearShare)
[HKLM\Software\WOW6432Node\Classes\CLSID\{69d3f709-9de2-479f-980f-532d46895703}] => Infection BT (Adware.BHO)
[HKLM\Software\WOW6432Node\Classes\Interface\{69d3f709-9de2-479f-980f-532d46895703}] => Infection BT (Adware.BHO)
[HKLM\Software\WOW6432Node\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}] => Infection PUP (PUP.iMesh)
[HKLM\Software\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}] => Infection PUP (BearShare)
[HKLM\Software\WOW6432Node\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}] => Infection PUP (BearShare)
[HKLM\Software\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}] => Infection PUP (PUP.iMesh)
[HKLM\Software\Classes\TypeLib\{85672EDB-2CC8-40B9-A9E8-77D3478F2EFB}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\AppID\{969D2C61-9B16-407c-86B7-397BF4579BE6}] => Infection PUP (PUP.iMesh)
[HKLM\Software\Classes\TypeLib\{969D2C61-9B16-407c-86B7-397BF4579BE6}] => Infection PUP (PUP.iMesh)
[HKLM\Software\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}] => Infection PUP (PUP.BearShare)
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2a59}]
[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2a59}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] => Infection PUP (Adware.IMBooster)
[HKLM\Software\WOW6432Node\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}] => Infection PUP (PUP.BearShare)
[HKLM\Software\WOW6432Node\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}] => Infection PUP (PUP.BearShare)
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}] => Infection PUP (PUP.BearShare)
[HKLM\Software\WOW6432Node\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205}] => Infection PUP (BearShare)
[HKLM\Software\WOW6432Node\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D}] => Infection PUP (PUP.BearShare)
[HKLM\Software\WOW6432Node\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB}] => Infection PUP (PUP.BearShare)
[HKLM\Software\WOW6432Node\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6}] => Infection PUP (PUP.BearShare)
[HKLM\Software\Classes\TypeLib\{ec96f516-51b2-4b46-8451-8665f5a6ba2b}] => Infection BT (Adware.BHO)
[HKLM\Software\Classes\TypeLib\{f07fbd3e-2048-44a4-9065-71bf551e2672}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\Classes\CLSID\{F8AB43ED-EC88-4de7-B213-F89157D29C62}] => Infection PUP (PUP.iMesh)
[HKCU\Software\iMesh] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\iMesh] => Infection PUP (PUP.iMesh)
[HKCU\Software\AppDataLow\Software\iMeshMediabarTB] => Infection PUP (PUP.iMesh)
[HKLM\Software\WOW6432Node\iMeshMediabarTB] => Infection PUP (PUP.iMesh)
C:\ProgramData\iMesh => Infection PUP (PUP.iMesh)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh => Infection PUP (PUP.iMesh)
C:\Users\Florent\AppData\Roaming\Iminent => Infection PUP (Adware.IMBooster)
C:\Users\Florent\AppData\Local\Babylon => Infection BT (Toolbar.Babylon)
C:\Users\Florent\AppData\Local\iMesh => Infection PUP (PUP.iMesh)
C:\Users\Florent\AppData\LocalLow\alot => Infection BT (AdWare.Comet)
C:\Users\Florent\AppData\LocalLow\iMeshMediabarTb => Infection PUP (PUP.iMesh)
C:\Users\Florent\AppData\LocalLow\searchqutoolbar => Infection PUP (Adware.Bandoo)
C:\Program Files (x86)\alot => Infection BT (AdWare.Comet)
C:\Program Files (x86)\iMesh Applications => Infection PUP (PUP.iMesh)
R3 - URLSearchHook: Softonic_France Toolbar [64Bits] - {4daac69c-cba7-45e2-9bc8-1044483d3352} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.2.4) -- C:\Program Files (x86)\Softonic_France\tbSof0.dll
R3 - URLSearchHook: MessengerPlusLive France TB Toolbar [64Bits] - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) (5, 7, 2, 2) -- C:\Program Files (x86)\MessengerPlusLive_France_TB\tbMess.dll
R3 - URLSearchHook: Softonic_France Toolbar [64Bits] - {4daac69c-cba7-45e2-9bc8-1044483d3352} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.2.4) -- C:\Program Files (x86)\Softonic_France\tbSof0.dll
R3 - URLSearchHook: MessengerPlusLive France TB Toolbar [64Bits] - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) (5, 7, 2, 2) -- C:\Program Files (x86)\MessengerPlusLive_France_TB\tbMess.dll
R3 - URLSearchHook: (no name) [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (...) (No version) -- (.not file.) => Toolbar.Conduit
O2 - BHO: Softonic_France Toolbar [64Bits] - {4daac69c-cba7-45e2-9bc8-1044483d3352} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\Softonic_France\tbSof0.dll
O2 - BHO: MessengerPlusLive France TB Toolbar [64Bits] - {b9e20919-fa55-471f-989b-b107bf8de785} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\MessengerPlusLive_France_TB\tbMess.dll
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files (x86)\Ask.com\UpdateTask.exe (.not file.) => Toolbar.Ask
O42 - Logiciel: MessengerPlusLive France TB Toolbar - (.MessengerPlusLive France TB.) [HKLM] -- MessengerPlusLive_France_TB Toolbar => Toolbar.Conduit
O42 - Logiciel: Softonic_France Toolbar - (.Softonic_France.) [HKLM] -- Softonic_France Toolbar => Toolbar.Conduit
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 3.9 - (.SweetIM Technologies Ltd..) [HKLM] -- {A6CC2CA2-2779-4F10-88BF-A3C9EB874C24} => SweetIM Toolbar
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] => Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\MessengerPlusLive_France_TB] => Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\Softonic_France] => Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\uTorrentBar_FR] => Toolbar.Conduit
[HKLM\Software\MessengerPlusLive_France_TB] => Toolbar.Conduit
[HKLM\Software\Softonic_France] => Toolbar.Conduit
O43 - CFD: 12/09/2010 - 20:28:12 - [0,740] ----D- C:\Users\Florent\AppData\Local\AskToolbar => Toolbar.Ask
O43 - CFD: 26/02/2012 - 14:11:14 - [0,063] ----D- C:\Users\Florent\AppData\Local\Conduit => Toolbar.Conduit
O43 - CFD: 12/09/2010 - 19:58:10 - [2,808] ----D- C:\Program Files (x86)\MessengerPlusLive_France_TB => Toolbar.Conduit
O43 - CFD: 12/12/2010 - 13:57:24 - [9,825] ----D- C:\Program Files (x86)\Softonic_France => Toolbar.Conduit
[HKLM\Software\WOW6432Node\Classes\AppID\Launcher.EXE]
[HKLM\Software\WOW6432Node\Classes\AppID\NCTAudioCDGrabber2.DLL]
[HKLM\Software\WOW6432Node\Classes\AppID\NCTAudioCompress3.DLL]
[HKLM\Software\WOW6432Node\Classes\AppID\NCTAudioFile3.DLL]
[HKLM\Software\WOW6432Node\Classes\AppID\NCTAudioFileWMA3.DLL]
[HKLM\Software\WOW6432Node\Classes\AppID\NCTAudioFormatSettings3.DLL]
[HKLM\Software\WOW6432Node\Classes\CLSID\{01AD9322-02FF-4f4f-AC52-92FDA5AE65F0}] => PUP.BearShare
[HKLM\Software\WOW6432Node\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}] => Toolbar.BearShare
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}] => Toolbar.Agent
[HKLM\Software\WOW6432Node\Classes\CLSID\{148132E6-626D-4A5E-8063-A761EB29A50B}] => Toolbar.BearShare
[HKLM\Software\WOW6432Node\Classes\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72}] => Toolbar.BearShare
[HKLM\Software\WOW6432Node\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}] => Toolbar.BearShare
[HKLM\Software\WOW6432Node\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}] => Toolbar.BearShare
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4daac69c-cba7-45e2-9bc8-1044483d3352}] => Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4daac69c-cba7-45e2-9bc8-1044483d3352}] => Toolbar.Conduit
[HKLM\Software\WOW6432Node\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}] => Toolbar.Conduit
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}] => Toolbar.Conduit
[HKLM\Software\WOW6432Node\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}] => Toolbar.BearShare
[HKLM\Software\WOW6432Node\Classes\CLSID\{5D9E7BE9-95E5-4392-8CD2-D82DE89589ED}] => PUP.BearShare
[HKLM\Software\WOW6432Node\Classes\CLSID\{6BC38BF4-E84D-46E1-920B-42D31AEA617E}] => Toolbar.Agent
[HKLM\Software\WOW6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] => AVG Security Toolbar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b9e20919-fa55-471f-989b-b107bf8de785}] => Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b9e20919-fa55-471f-989b-b107bf8de785}] => Toolbar.Conduit
[HKLM\Software\WOW6432Node\Classes\CLSID\{b9e20919-fa55-471f-989b-b107bf8de785}] => Toolbar.Conduit
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b9e20919-fa55-471f-989b-b107bf8de785}] => Toolbar.Conduit
[HKLM\Software\WOW6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}] => Toolbar.BarsShare
[HKLM\Software\WOW6432Node\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}] => Toolbar.BearShare
[HKLM\Software\WOW6432Node\Classes\CLSID\{D8BFC514-1135-4393-B09A-193D2AAC5037}] => Toolbar.BearShare
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}] => Toolbar.Facemoods
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] => Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\MessengerPlusLive_France_TB] => Toolbar.Conduit
[HKLM\Software\WOW6432Node\MessengerPlusLive_France_TB] => Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\Softonic_France] => Toolbar.Conduit
[HKLM\Software\WOW6432Node\Softonic_France] => Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\uTorrentBar_FR] => Toolbar.Conduit
C:\Users\Florent\AppData\Local\AskToolbar => Toolbar.Ask
C:\Users\Florent\AppData\Local\Conduit => Toolbar.Conduit
C:\Users\Florent\AppData\LocalLow\facemoods.com => Toolbar.Facemoods
C:\Users\Florent\AppData\LocalLow\MessengerPlusLive_France_TB => Toolbar.Conduit
C:\Users\Florent\AppData\LocalLow\Softonic_France => Toolbar.Conduit
C:\Users\Florent\AppData\LocalLow\SweetIM => SweetIM Toolbar
C:\Users\Florent\AppData\LocalLow\uTorrentBar_FR => Toolbar.Conduit
C:\Program Files (x86)\MessengerPlusLive_France_TB => Toolbar.Conduit
C:\Program Files (x86)\Softonic_France => Toolbar.Conduit
C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar
> Clique sur OK puis sur Tous.
> Clique sur Nettoyer.
> Poste le rapport qui s'affiche.
++
Vive l'informatique et la sécurité informatique. Tout le monde a droit à de l'aide pour désinfecter son PC.
desolé de repondre que maintenant j'avais du travail voila le rapport de ce que tu m'as dit de faire https://www.cjoint.com/?BDhrdtn2ERH
Re,
> Télécharges Malwarebytes sur ton bureau.
> Lance le. Laisse les options par défaut lors de l'installation. A la fin, il va se mettre à jour, laisse-le faire.
> Branche toutes tes sources de données externes à ton PC. (Clés USB...)
> Rends-toi dans l'onglet Recherche, clique sur Exécuter un examen complet puis clique sur Rechercher.
> Sélectionnes tes disques durs et disques amovibles puis clique sur Rechercher
> A la fin du scan, un rapport s'ouvre. Clique sur fichier puis enregistrer sous. Clique sur Bureau et met le nom Malwarebytes
> Si MalwareBytes détecte des infections, clique sur Afficher les résultats, puis sur Supprimer la sélection.
> Si Malwarebytes te demande de redémarrer ton pc, clique sur oui
> Poste le rapport
!!! Ne pas vider la quarantaine de MBAM sans avis !!!
Tuto pour t'aider Ici
Ensuite
> Télécharge RogueKiller (by tigzy) sur ton bureau.
> Quitte tous tes programmes en cours d'éxécution.
> Lance RogueKiller.exe
> Attends que le Prescan ait fini ...
> Clique sur Scan
> Clique sur Rapport et copie/colle le contenu du notepad.
++
> Télécharges Malwarebytes sur ton bureau.
> Lance le. Laisse les options par défaut lors de l'installation. A la fin, il va se mettre à jour, laisse-le faire.
> Branche toutes tes sources de données externes à ton PC. (Clés USB...)
> Rends-toi dans l'onglet Recherche, clique sur Exécuter un examen complet puis clique sur Rechercher.
> Sélectionnes tes disques durs et disques amovibles puis clique sur Rechercher
> A la fin du scan, un rapport s'ouvre. Clique sur fichier puis enregistrer sous. Clique sur Bureau et met le nom Malwarebytes
> Si MalwareBytes détecte des infections, clique sur Afficher les résultats, puis sur Supprimer la sélection.
> Si Malwarebytes te demande de redémarrer ton pc, clique sur oui
> Poste le rapport
!!! Ne pas vider la quarantaine de MBAM sans avis !!!
Tuto pour t'aider Ici
Ensuite
> Télécharge RogueKiller (by tigzy) sur ton bureau.
> Quitte tous tes programmes en cours d'éxécution.
> Lance RogueKiller.exe
> Attends que le Prescan ait fini ...
> Clique sur Scan
> Clique sur Rapport et copie/colle le contenu du notepad.
++
