Virus Gendarmerie
Solved/Closed
2 replies
Anonymous user
18 April 2012 at 19:55
Hi,
Download Pre_Scan and save it to your desktop:
http://forums-fec.be/gen-hackman/Pre_Scan.exe
http://general-changelog-team.fr/fr/downloads/viewdownload/41-outils-de-gen-hackman/52-pre-scan
Warning: the desktop will disappear during the scan --> don't panic.
Once it is downloaded, run it and let the scan run until "Pre_scan_date_and_time.txt" appears on the desktop.
If the tool is run again several times, it will show you a menu; if no option has been requested, run the "Kill" option.
If the tool is blocked by the infection, use this version with a .pif extension:
http://forums-fec.be/gen-hackman/Pre_Scan.pif
or this version renamed winlogon.exe:
http://forums-fec.be/gen-hackman/winlogon.exe
If the tool detects a proxy and you have not installed one, click "supprimer le proxy" (remove the proxy).
A lot of black windows may flash; let it work.
Post Pre_Scan_date_and_time.txt, which will appear on the desktop at the end of the scan.
DO NOT POST IT ON THE FORUM!!! (it is too long)
Host the report on http://pjjoint.malekal.com, then give the link you get in return on the forum where you are being helped.
Anonymous user
23 April 2012 at 15:44
Hi, we are far from finished; your computer is a real digital dustbin.
You really click on anything and don't read during software installation....you click, you click....and you end up rotten/infected.
For information:
"SearchSettings"="C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" => Infection PUP (PUP.Dealio)
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=Searchqu Toolbar => Infection PUP (Adware.Bandoo)
"{98889811-442D-49dd-99D7-DC866BE87DBC}"=Babylon Toolbar => Infection BT (Toolbar.Babylon)
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"=pdfforge Toolbar => Infection BT (Adware.WidgiToolbar)
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] | (Bubble Dock SurfMatch) -> C:\Program Files (x86)\Nosibay\Bubble Dock\extensions\axSurfMatch.dll [19/10/2011 15:28:46] => Infection PUP (Adware.SPointer)
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}] | (Babylon toolbar helper) -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [14/08/2011 14:24:26 => Infection BT (Toolbar.Babylon)
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}] | (Searchqu Toolbar) -> C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll [12/07/2011 08:34:52] => Infection BT (Adware.Bandoo)
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}] | (Loader Class) -> C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL [24/07/2011 04:05:55] => Infection BT (Adware.Bandoo)
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}] | (pdfforge Toolbar) -> C:\Program Files (x86)\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll [12/04/2012 10:39:16] => Infection BT (Adware.WidgiToolbar)
"AppInit_DLLS"=C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll => Infection BT (Adware.Bandoo)
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}] | (Search Results) -> http://www1.search-results.com/web?l=dis&q=&o=APN10649&apn_dtid=%5EBND421%5EYY%5EFR&shad=s_0043&gct=ds&apn_ptnrs=%5EAGA&d=421-0&lang=en&atb=sysid%3D421%3Auid%3D9a8678d2c66cfa84%3Asrc%3Dieb%3Ao%3DAPN10649%3Atg%3D&p2=%5EAGA%5EBND421%5EYY%5EFR{searchTerms} => Infection BT (Adware.Bandoo)
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68E9A49F-6458-4D82-8F61-F9CE1F980253}] | (dtUser.exe) -> C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar => Infection BT (Adware.Bandoo)
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}] | (BabylonToolbarsrv.exe) -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17 => Infection BT (Toolbar.Babylon)
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}] | (uninstall.exe) -> C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar => Infection BT (Adware.Bandoo)
C:\Users\C-E-R\AppData\Roaming\Mozilla\Firefox\Profiles\ykjns1p5.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} => Infection PUP (Adware.Bandoo)
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kti25xp7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} => Infection PUP (Adware.Bandoo)
[HKCU\Software\DataMngr] => Infection PUP (PUP.BearShare)
[HKCU\Software\DataMngr_Toolbar]
[HKCU\Software\EoRezo] => Infection PUP (PUP.Eorezo)
[HKLM\Software\Application Updater] => Infection PUP (PUP.Dealio)
[HKLM\Software\Babylon] => Infection BT (Toolbar.Babylon)
[HKLM\Software\BabylonToolbar] => Infection BT (Toolbar.Babylon)
[HKLM\Software\DataMngr] => Infection PUP (PUP.BearShare)
[HKLM\Software\EoRezo] => Infection PUP (PUP.Eorezo)
[HKLM\Software\pdfforge] => Infection BT (PUP.Dealio)
[HKLM\Software\Search Settings] => Infection PUP (PUP.Dealio)
[HKLM\Software\SearchquMediabarTb] => Infection PUP (Adware.Bandoo)
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -> Processus stoppé => Infection PUP (PUP.Dealio)
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe -> Processus stoppé => Infection PUP (PUP.Dealio)
C:\Users\C-E-R\AppData\Roaming\Dropbox\bin\Dropbox.exe -> Processus stoppé
[17/04/2012 08:15:56] -- |D| -- C:\Program Files (x86)\Application Updater => Infection PUP (PUP.Dealio)
[11/04/2012 21:28:46] -- |D| -- C:\Program Files (x86)\BabylonToolbar => Infection BT (Toolbar.Babylon)
[17/04/2012 08:15:55] -- |D| -- C:\Program Files (x86)\pdfforge Toolbar => Infection BT (Adware.WidgiToolbar)
[01/06/2011 16:22:39] -- |A| -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur OfferBox.lnk => Infection PUP (PUP.OfferBox)
[31/03/2011 20:00:28] -- |D| -- C:\Users\C-E-R\AppData\Roaming\EoRezo => Infection PUP (PUP.Eorezo)
[07/06/2011 21:11:10] -- |D| -- C:\Users\C-E-R\AppData\Roaming\OfferBox => Infection PUP (PUP.OfferBox)
[11/04/2012 21:28:28] -- |D| -- C:\ProgramData\Babylon => Infection BT (Toolbar.Babylon)
[17/04/2012 08:15:56] -- |D| -- C:\Program Files (x86)\Application Updater => Infection PUP (PUP.Dealio)
[11/04/2012 21:28:46] -- |D| -- C:\Program Files (x86)\BabylonToolbar => Infection BT (Toolbar.Babylon)
[28/10/2011 20:35:42] -- |D| -- C:\Program Files (x86)\Nosibay => Infection PUP (Adware.SPointer)
[01/06/2011 16:22:29] -- |D| -- C:\Program Files (x86)\OfferBox => Infection PUP (PUP.OfferBox)
[17/04/2012 08:15:55] -- |D| -- C:\Program Files (x86)\pdfforge Toolbar => Infection BT (Adware.WidgiToolbar)
[24/07/2011 04:05:22] -- |D| -- C:\Program Files (x86)\Windows Searchqu Toolbar => Infection BT (Adware.Bandoo)
[17/04/2012 08:15:55] -- |D| -- C:\Program Files (x86)\Common Files\Spigot => Infection PUP (PUP.Dealio)
"Dropbox"=Dropbox (Dropbox, Inc.) -> "C:\Users\C-E-R\AppData\Roaming\Dropbox\bin\Uninstall.exe"
"BabylonToolbar"=Babylon toolbar on IE () -> "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe" => Infection BT (Toolbar.Babylon)
"Searchqu 0 MediaBar"=Windows Searchqu Toolbar (Bandoo Media Inc) -> C:\Program Files (x86)\Windows Searchqu Toolbar\uninstall.exe => Infection BT (Adware.Bandoo)
"SoftwareUpdate_is1"=SoftwareUpdate 1.5 (EoRezo) -> "C:\Users\Administrator\AppData\Roaming\EoRezo\SoftwareUpdate\unins000.exe" => Infection PUP (PUP.Eorezo)
"{548904BC-BC37-4660-B8F8-6639A4D23520}"=pdfforge Toolbar v5.4 (Spigot, Inc.) -> MsiExec.exe /X{548904BC-BC37-4660-B8F8-6639A4D23520} => Infection BT (PUP.Dealio)
Malware (49)
=====
Mozilla Firefox absolutely must be updated.
Uninstall:
Old uninstallthis Toolbar
uTorrentBar_FR Toolbar
Conduit Engine
Searchqu Toolbar
NCH FR Toolbar
Babylon Toolbar
pdfforge Toolbar
Java update 29
"Searchqu 0 MediaBar"=Windows Searchqu Toolbar (Bandoo Media Inc)
"SoftwareUpdate_is1"=SoftwareUpdate 1.5 (EoRezo)
=====
Select all the bold text below, without the lines above and below it, then (right-click/copy or Ctrl+C):
___________________________________________________
Kill::
processes::
ApplicationUpdater.exe
SearchSettings.exe
Registry::
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EoWeather"=-
"eorezo"=-
"QuickTime Task"=-
""=-
"SearchSettings"=-
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]
"{2be15141-5d7c-44e4-a3bf-3196d5c46d60}"=-
"{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
"10"=-
"{9e96c0cd-a901-4032-9236-0e4a264aeee4}"=-
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
"{98889811-442D-49dd-99D7-DC866BE87DBC}"=-
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"=-
[HKU\S-1-5-21-1254838263-3573138858-973708718-1001\Software\Microsoft\Internet Explorer\Toolbar]
"Locked"=-
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442c-B14C-3D1081953C94}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2be15141-5d7c-44e4-a3bf-3196d5c46d60}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
[-HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[-HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
[-HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{164FA6ED-9840-459F-8281-83DC667A52F3}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22F5B18D-5093-4EC5-B413-EA01E75762EC}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68E9A49F-6458-4D82-8F61-F9CE1F980253}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKCU\Software\DataMngr]
[-HKCU\Software\DataMngr_Toolbar]
[-HKCU\Software\EoRezo]
[-HKLM\Software\Application Updater]
[-HKLM\Software\Babylon]
[-HKLM\Software\BabylonToolbar]
[-HKLM\Software\conduitEngine]
[-HKLM\Software\DataMngr]
[-HKLM\Software\EoRezo]
[-HKLM\Software\pdfforge]
[-HKLM\Software\Search Settings]
[-HKLM\Software\SearchquMediabarTb]
[-HKLM\Software\uTorrentBar_FR]
txt::
C:\Windows\System32\Tasks\{0DE577F6-8B88-4C14-9D08-DD32A5CB9F37}
C:\Windows\System32\Tasks\{1B977C79-3B11-4F6A-9F1D-65D41040C064}
C:\Windows\System32\Tasks\{2B74B7AF-56C0-49F3-88AB-EA5D0431696B}
C:\Windows\System32\Tasks\{320E4B84-9F72-40D2-978B-2F9893C2172E}
C:\Windows\System32\Tasks\{3594ED6C-9B05-456E-8787-AB2C1D7E32DD}
C:\Windows\System32\Tasks\{59C1C881-19BD-46C3-8E5A-3634BA44DDA7}
C:\Windows\System32\Tasks\{5A975F06-93E2-4166-A473-9D9C29FB9815}
C:\Windows\System32\Tasks\{8CAAEEA7-0AB4-462B-AEBC-2FB24D7C4F80}
C:\Windows\System32\Tasks\{90354BB7-16B0-4291-9B13-E026D7074ECA}
C:\Windows\System32\Tasks\{A3DE91F4-DEB0-4BE4-A6BE-A52CE5581EA6}
FF::
user_pref("browser.startup.homepage", "http://www.searchnu.com/421");
File::
C:\Windows\ðù¹
C:\user.js
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur OfferBox.lnk
Folder::
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\Nosibay
C:\Users\C-E-R\AppData\Roaming\Mozilla\Firefox\Profiles\ykjns1p5.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\elhb0nsk.default\extensions\pdfforge@mybrowserbar.com
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\elhb0nsk.default\extensions\wtxpcom@mybrowserbar.com
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kti25xp7.default\extensions\pdfforge@mybrowserbar.com
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kti25xp7.default\extensions\wtxpcom@mybrowserbar.com
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kti25xp7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kti25xp7.default\extensions\{9e96c0cd-a901-4032-9236-0e4a264aeee4}
C:\Windows\assembly\tmp\10W4KCZS
C:\Windows\assembly\tmp\1HHLF4
C:\Windows\assembly\tmp\44NN0CT8
C:\Windows\assembly\tmp\4BQS37JL
C:\Windows\assembly\tmp\6M5R2TKG
C:\Windows\assembly\tmp\7LC4SW9Z
C:\Windows\assembly\tmp\DFA67AGL
C:\Windows\assembly\tmp\E99IUH5W
C:\Windows\assembly\tmp\GXCH4309
C:\Windows\assembly\tmp\JZBUY0UW
C:\Windows\assembly\tmp\MPY4SWIV
C:\Windows\assembly\tmp\PJQ1CUB3
C:\Windows\assembly\tmp\SCLDA8V0
C:\Windows\assembly\tmp\T0VPQS9Z
C:\Windows\assembly\tmp\UON9PJQN
C:\Windows\assembly\tmp\VKS2IRVQ
C:\Program Files (x86)\Application Updater
C:\Program Files (x86)\BabylonToolbar
C:\Program Files (x86)\pdfforge Toolbar
C:\Users\C-E-R\AppData\Roaming\EoRezo
C:\Users\C-E-R\AppData\Roaming\OfferBox
C:\ProgramData\Babylon
C:\Users\C-E-R\AppData\Local\Conduit
C:\Users\C-E-R\AppData\Local\{*}
C:\Program Files (x86)\Conduit
C:\Program Files (x86)\ConduitEngine
C:\Program Files (x86)\Nosibay
C:\Program Files (x86)\OfferBox
C:\Program Files (x86)\pdfforge Toolbar
C:\Program Files (x86)\uTorrentBar_FR
C:\Program Files (x86)\Windows Searchqu Toolbar
Driver::
Application Updater
MBR::
clean::
Reboot::
___________________________________________________
Run Pre_scan again, then choose the "Script" option.
A page will open.
Normally the text you selected is already there, so you close it and the program will get to work.
Otherwise paste it (right-click/paste or Ctrl+V) into the blank page,
then File tab => Save (not Save As...), then close the text.
Black windows may flash; that is normal, it is the program working.
Post Pre_Script.txt, which will appear on the desktop when the work is finished.
=============================
Download ADWcleaner and save it to your desktop:
ADWCleaner (thanks to Xplode)
Run it,
click "suppression" (delete) and post its report.
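Added example, not part of the original thread and not Pre_Scan's own code: a small triage script that groups report lines like those quoted in the reply above by detection family and by the place each entry hooks into the system, and separates out lines the tool listed without a verdict. The mechanism labels, function names and the choice of which mechanisms count as load points are assumptions of this example; the sample lines are copied from the report excerpt in the post.

```python
import re
from collections import Counter, defaultdict

# Constructed input: nine lines copied from the report excerpt quoted above.
SAMPLE_LOG = r"""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}] | (Searchqu Toolbar) -> C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll [12/07/2011 08:34:52] => Infection BT (Adware.Bandoo)
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}] | (Babylon toolbar helper) -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [14/08/2011 14:24:26 => Infection BT (Toolbar.Babylon)
"AppInit_DLLS"=C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll => Infection BT (Adware.Bandoo)
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68E9A49F-6458-4D82-8F61-F9CE1F980253}] | (dtUser.exe) -> C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar => Infection BT (Adware.Bandoo)
C:\Users\C-E-R\AppData\Roaming\Mozilla\Firefox\Profiles\ykjns1p5.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} => Infection PUP (Adware.Bandoo)
[HKCU\Software\DataMngr_Toolbar]
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -> Processus stoppé => Infection PUP (PUP.Dealio)
C:\Users\C-E-R\AppData\Roaming\Dropbox\bin\Dropbox.exe -> Processus stoppé
[17/04/2012 08:15:55] -- |D| -- C:\Program Files (x86)\Common Files\Spigot => Infection PUP (PUP.Dealio)
"""

# Mechanism labels are this example's own naming; the first matching rule wins.
APPINIT = "AppInit_DLLs"          # DLLs loaded into every process that loads user32.dll
BHO = "Browser Helper Object"     # DLL loaded by Internet Explorer
FF_EXT = "Firefox extension"
MECHANISMS = [
    (APPINIT, r'^"AppInit_DLLS"='),
    (BHO, r"\\Browser Helper Objects\\"),
    ("IE elevation policy", r"\\Low Rights\\ElevationPolicy\\"),
    ("IE search scope", r"\\SearchScopes\\"),
    (FF_EXT, r"\\Firefox\\Profiles\\[^\\]+\\extensions\\"),
    ("process stopped by the tool", r"-> Processus stoppé"),
    ("registry key", r"^\[HK(LM|CU|U)\\"),
    ("file or folder", r"[A-Za-z]:\\"),
]
# Assumption of this example: these are the entries that load code automatically.
LOAD_POINTS = {APPINIT, BHO, FF_EXT}

# Trailing verdict as printed in the report: "=> Infection <class> (<family>)".
VERDICT = re.compile(r"=>\s*Infection\s+\w+\s+\(([^)]+)\)\s*$")


def parse_line(line):
    """Return (mechanism, family); family is None when the line has no verdict."""
    m = VERDICT.search(line)
    body = line[:m.start()] if m else line
    family = m.group(1) if m else None
    for label, pattern in MECHANISMS:
        if re.search(pattern, body, re.IGNORECASE):
            return label, family
    return "other", family


def triage(log_text):
    """Group flagged lines by family and mechanism; collect unflagged lines."""
    by_family = defaultdict(Counter)
    unflagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        mechanism, family = parse_line(line)
        if family is None:
            unflagged.append(line)   # listed by the tool but not marked as an infection
        else:
            by_family[family][mechanism] += 1
    return by_family, unflagged


def load_points(by_family):
    """Families with at least one entry that loads code automatically."""
    return sorted(f for f, mechs in by_family.items() if LOAD_POINTS & set(mechs))


if __name__ == "__main__":
    families, unflagged = triage(SAMPLE_LOG)
    for family, mechs in sorted(families.items()):
        print(family, dict(mechs))
    print("load points:", load_points(families))
    print("no verdict, review by hand:", unflagged)
```

Lines without a verdict, such as the Dropbox process in the sample, are kept apart so they can be checked by hand before anything is added to a removal script.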
23 April 2012 at 12:46
Away for a few days for work...
The link: http://pjjoint.malekal.com/files.php?id=20120423_b158n13q6o12
Thanks
23 April 2012 at 14:29
A mystery, but it works, I have access to my session,
I posted the scan just in case......
Thanks to g3n