Virus Gendarmerie
Solved/Closed
2 replies
hi
Download and save Pre_Scan to your desktop:
http://forums-fec.be/gen-hackman/Pre_Scan.exe
http://general-changelog-team.fr/fr/downloads/viewdownload/41-outils-de-gen-hackman/52-pre-scan
Warning: the desktop will disappear during the scan --> don't panic.
Once it is downloaded, run it and let the scan run until "Pre_scan_la_date_et_l'heure.txt" appears on the desktop.
If the tool has been run several times, it will offer you a menu; as no option is requested, run the "Kill" option.
If the tool is blocked by the infection, use this version with the .pif extension:
http://forums-fec.be/gen-hackman/Pre_Scan.pif
or this version renamed winlogon.exe:
http://forums-fec.be/gen-hackman/winlogon.exe
If the tool detects a proxy and you haven't installed one, click "supprimer le proxy" (remove the proxy).
A lot of black windows may flash; let it work.
Post Pre_Scan_la_date_et_l'heure.txt, which will appear on the desktop at the end of the scan.
DO NOT POST IT ON THE FORUM!!! (it is too long)
Host the report on http://pjjoint.malekal.com then give the link you get on the forum where you are being helped.
hi, we're far from done; your computer is a real digital trash can
you really click on anything and don't read anything when installing software.... you click, you click.... and you're rotten/infected
for information:
"SearchSettings"="C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" => Infection PUP (PUP.Dealio)
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=Searchqu Toolbar => Infection PUP (Adware.Bandoo)
"{98889811-442D-49dd-99D7-DC866BE87DBC}"=Babylon Toolbar => Infection BT (Toolbar.Babylon)
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"=pdfforge Toolbar => Infection BT (Adware.WidgiToolbar)
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] | (Bubble Dock SurfMatch) -> C:\Program Files (x86)\Nosibay\Bubble Dock\extensions\axSurfMatch.dll [19/10/2011 15:28:46] => Infection PUP (Adware.SPointer)
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}] | (Babylon toolbar helper) -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [14/08/2011 14:24:26 => Infection BT (Toolbar.Babylon)
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}] | (Searchqu Toolbar) -> C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll [12/07/2011 08:34:52] => Infection BT (Adware.Bandoo)
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}] | (Loader Class) -> C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL [24/07/2011 04:05:55] => Infection BT (Adware.Bandoo)
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}] | (pdfforge Toolbar) -> C:\Program Files (x86)\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll [12/04/2012 10:39:16] => Infection BT (Adware.WidgiToolbar)
"AppInit_DLLS"=C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll => Infection BT (Adware.Bandoo)
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}] | (Search Results) -> http://www1.search-results.com/web?l=dis&q=&o=APN10649&apn_dtid=%5EBND421%5EYY%5EFR&shad=s_0043&gct=ds&apn_ptnrs=%5EAGA&d=421-0&lang=en&atb=sysid%3D421%3Auid%3D9a8678d2c66cfa84%3Asrc%3Dieb%3Ao%3DAPN10649%3Atg%3D&p2=%5EAGA%5EBND421%5EYY%5EFR{searchTerms} => Infection BT (Adware.Bandoo)
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68E9A49F-6458-4D82-8F61-F9CE1F980253}] | (dtUser.exe) -> C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar => Infection BT (Adware.Bandoo)
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}] | (BabylonToolbarsrv.exe) -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17 => Infection BT (Toolbar.Babylon)
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}] | (uninstall.exe) -> C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar => Infection BT (Adware.Bandoo)
C:\Users\C-E-R\AppData\Roaming\Mozilla\Firefox\Profiles\ykjns1p5.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} => Infection PUP (Adware.Bandoo)
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kti25xp7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} => Infection PUP (Adware.Bandoo)
[HKCU\Software\DataMngr] => Infection PUP (PUP.BearShare)
[HKCU\Software\DataMngr_Toolbar]
[HKCU\Software\EoRezo] => Infection PUP (PUP.Eorezo)
[HKLM\Software\Application Updater] => Infection PUP (PUP.Dealio)
[HKLM\Software\Babylon] => Infection BT (Toolbar.Babylon)
[HKLM\Software\BabylonToolbar] => Infection BT (Toolbar.Babylon)
[HKLM\Software\DataMngr] => Infection PUP (PUP.BearShare)
[HKLM\Software\EoRezo] => Infection PUP (PUP.Eorezo)
[HKLM\Software\pdfforge] => Infection BT (PUP.Dealio)
[HKLM\Software\Search Settings] => Infection PUP (PUP.Dealio)
[HKLM\Software\SearchquMediabarTb] => Infection PUP (Adware.Bandoo)
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -> Processus stoppé => Infection PUP (PUP.Dealio)
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe -> Processus stoppé => Infection PUP (PUP.Dealio)
C:\Users\C-E-R\AppData\Roaming\Dropbox\bin\Dropbox.exe -> Processus stoppé
[17/04/2012 08:15:56] -- |D| -- C:\Program Files (x86)\Application Updater => Infection PUP (PUP.Dealio)
[11/04/2012 21:28:46] -- |D| -- C:\Program Files (x86)\BabylonToolbar => Infection BT (Toolbar.Babylon)
[17/04/2012 08:15:55] -- |D| -- C:\Program Files (x86)\pdfforge Toolbar => Infection BT (Adware.WidgiToolbar)
[01/06/2011 16:22:39] -- |A| -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur OfferBox.lnk => Infection PUP (PUP.OfferBox)
[31/03/2011 20:00:28] -- |D| -- C:\Users\C-E-R\AppData\Roaming\EoRezo => Infection PUP (PUP.Eorezo)
[07/06/2011 21:11:10] -- |D| -- C:\Users\C-E-R\AppData\Roaming\OfferBox => Infection PUP (PUP.OfferBox)
[11/04/2012 21:28:28] -- |D| -- C:\ProgramData\Babylon => Infection BT (Toolbar.Babylon)
[17/04/2012 08:15:56] -- |D| -- C:\Program Files (x86)\Application Updater => Infection PUP (PUP.Dealio)
[11/04/2012 21:28:46] -- |D| -- C:\Program Files (x86)\BabylonToolbar => Infection BT (Toolbar.Babylon)
[28/10/2011 20:35:42] -- |D| -- C:\Program Files (x86)\Nosibay => Infection PUP (Adware.SPointer)
[01/06/2011 16:22:29] -- |D| -- C:\Program Files (x86)\OfferBox => Infection PUP (PUP.OfferBox)
[17/04/2012 08:15:55] -- |D| -- C:\Program Files (x86)\pdfforge Toolbar => Infection BT (Adware.WidgiToolbar)
[24/07/2011 04:05:22] -- |D| -- C:\Program Files (x86)\Windows Searchqu Toolbar => Infection BT (Adware.Bandoo)
[17/04/2012 08:15:55] -- |D| -- C:\Program Files (x86)\Common Files\Spigot => Infection PUP (PUP.Dealio)
"Dropbox"=Dropbox (Dropbox, Inc.) -> "C:\Users\C-E-R\AppData\Roaming\Dropbox\bin\Uninstall.exe"
"BabylonToolbar"=Babylon toolbar on IE () -> "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe" => Infection BT (Toolbar.Babylon)
"Searchqu 0 MediaBar"=Windows Searchqu Toolbar (Bandoo Media Inc) -> C:\Program Files (x86)\Windows Searchqu Toolbar\uninstall.exe => Infection BT (Adware.Bandoo)
"SoftwareUpdate_is1"=SoftwareUpdate 1.5 (EoRezo) -> "C:\Users\Administrator\AppData\Roaming\EoRezo\SoftwareUpdate\unins000.exe" => Infection PUP (PUP.Eorezo)
"{548904BC-BC37-4660-B8F8-6639A4D23520}"=pdfforge Toolbar v5.4 (Spigot, Inc.) -> MsiExec.exe /X{548904BC-BC37-4660-B8F8-6639A4D23520} => Infection BT (PUP.Dealio)
Malware (49)
=====
Mozilla Firefox must absolutely be updated
uninstall:
Old uninstallthis Toolbar
uTorrentBar_FR Toolbar
Conduit Engine
Searchqu Toolbar
NCH FR Toolbar
Babylon Toolbar
pdfforge Toolbar
Java update 29
"Searchqu 0 MediaBar"=Windows Searchqu Toolbar (Bandoo Media Inc)
"SoftwareUpdate_is1"=SoftwareUpdate 1.5 (EoRezo)
=====
Select all the bold text below, without the lines above and below, then (right-click/copy or Ctrl+C):
___________________________________________________
Kill::
processes::
ApplicationUpdater.exe
SearchSettings.exe
Registry::
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EoWeather"=-
"eorezo"=-
"QuickTime Task"=-
""=-
"SearchSettings"=-
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]
"{2be15141-5d7c-44e4-a3bf-3196d5c46d60}"=-
"{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
"10"=-
"{9e96c0cd-a901-4032-9236-0e4a264aeee4}"=-
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
"{98889811-442D-49dd-99D7-DC866BE87DBC}"=-
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"=-
[HKU\S-1-5-21-1254838263-3573138858-973708718-1001\Software\Microsoft\Internet Explorer\Toolbar]
"Locked"=-
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442c-B14C-3D1081953C94}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2be15141-5d7c-44e4-a3bf-3196d5c46d60}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
[-HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[-HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
[-HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{164FA6ED-9840-459F-8281-83DC667A52F3}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22F5B18D-5093-4EC5-B413-EA01E75762EC}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68E9A49F-6458-4D82-8F61-F9CE1F980253}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKCU\Software\DataMngr]
[-HKCU\Software\DataMngr_Toolbar]
[-HKCU\Software\EoRezo]
[-HKLM\Software\Application Updater]
[-HKLM\Software\Babylon]
[-HKLM\Software\BabylonToolbar]
[-HKLM\Software\conduitEngine]
[-HKLM\Software\DataMngr]
[-HKLM\Software\EoRezo]
[-HKLM\Software\pdfforge]
[-HKLM\Software\Search Settings]
[-HKLM\Software\SearchquMediabarTb]
[-HKLM\Software\uTorrentBar_FR]
txt::
C:\Windows\System32\Tasks\{0DE577F6-8B88-4C14-9D08-DD32A5CB9F37}
C:\Windows\System32\Tasks\{1B977C79-3B11-4F6A-9F1D-65D41040C064}
C:\Windows\System32\Tasks\{2B74B7AF-56C0-49F3-88AB-EA5D0431696B}
C:\Windows\System32\Tasks\{320E4B84-9F72-40D2-978B-2F9893C2172E}
C:\Windows\System32\Tasks\{3594ED6C-9B05-456E-8787-AB2C1D7E32DD}
C:\Windows\System32\Tasks\{59C1C881-19BD-46C3-8E5A-3634BA44DDA7}
C:\Windows\System32\Tasks\{5A975F06-93E2-4166-A473-9D9C29FB9815}
C:\Windows\System32\Tasks\{8CAAEEA7-0AB4-462B-AEBC-2FB24D7C4F80}
C:\Windows\System32\Tasks\{90354BB7-16B0-4291-9B13-E026D7074ECA}
C:\Windows\System32\Tasks\{A3DE91F4-DEB0-4BE4-A6BE-A52CE5581EA6}
FF::
user_pref("browser.startup.homepage", "http://www.searchnu.com/421");
File::
C:\Windows\ðù¹
C:\user.js
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur OfferBox.lnk
Folder::
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\Nosibay
C:\Users\C-E-R\AppData\Roaming\Mozilla\Firefox\Profiles\ykjns1p5.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\elhb0nsk.default\extensions\pdfforge@mybrowserbar.com
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\elhb0nsk.default\extensions\wtxpcom@mybrowserbar.com
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kti25xp7.default\extensions\pdfforge@mybrowserbar.com
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kti25xp7.default\extensions\wtxpcom@mybrowserbar.com
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kti25xp7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kti25xp7.default\extensions\{9e96c0cd-a901-4032-9236-0e4a264aeee4}
C:\Windows\assembly\tmp\10W4KCZS
C:\Windows\assembly\tmp\1HHLF4
C:\Windows\assembly\tmp\44NN0CT8
C:\Windows\assembly\tmp\4BQS37JL
C:\Windows\assembly\tmp\6M5R2TKG
C:\Windows\assembly\tmp\7LC4SW9Z
C:\Windows\assembly\tmp\DFA67AGL
C:\Windows\assembly\tmp\E99IUH5W
C:\Windows\assembly\tmp\GXCH4309
C:\Windows\assembly\tmp\JZBUY0UW
C:\Windows\assembly\tmp\MPY4SWIV
C:\Windows\assembly\tmp\PJQ1CUB3
C:\Windows\assembly\tmp\SCLDA8V0
C:\Windows\assembly\tmp\T0VPQS9Z
C:\Windows\assembly\tmp\UON9PJQN
C:\Windows\assembly\tmp\VKS2IRVQ
C:\Program Files (x86)\Application Updater
C:\Program Files (x86)\BabylonToolbar
C:\Program Files (x86)\pdfforge Toolbar
C:\Users\C-E-R\AppData\Roaming\EoRezo
C:\Users\C-E-R\AppData\Roaming\OfferBox
C:\ProgramData\Babylon
C:\Users\C-E-R\AppData\Local\Conduit
C:\Users\C-E-R\AppData\Local\{*}
C:\Program Files (x86)\Conduit
C:\Program Files (x86)\ConduitEngine
C:\Program Files (x86)\Nosibay
C:\Program Files (x86)\OfferBox
C:\Program Files (x86)\pdfforge Toolbar
C:\Program Files (x86)\uTorrentBar_FR
C:\Program Files (x86)\Windows Searchqu Toolbar
Driver::
Application Updater
MBR::
clean::
Reboot::
___________________________________________________
Run Pre_scan again and choose the "Script" option
a page will open
normally the text you selected is already there, so close it and the program will work.
otherwise paste it (right-click/paste or Ctrl+V) into the blank page.
then File tab => Save (not Save As...), then close the text
black windows may flash; that's normal, it's the program working
post Pre_Script.txt, which will appear on the desktop when it is done
=============================
Download and save ADWcleaner to your desktop:
ADWCleaner (thanks to Xplode)
Run it,
click on "suppression" (Delete) and post its report.
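As an added example (not from the thread, and not part of Pre_Scan or ADWCleaner), this PowerShell audit reads the same persistence locations the report above flags (Run keys, Browser Helper Objects, AppInit_DLLs, IE search scopes, GUID-named scheduled tasks, Firefox startup homepage) so the entries can be reviewed before any removal. It assumes an elevated prompt on 64-bit Windows, looks only at the current user's Firefox profiles, and modifies nothing.

```powershell
# Added example (not part of the thread or of Pre_Scan): read-only audit of the
# persistence locations the report above flags. Assumes an elevated PowerShell
# prompt on 64-bit Windows; nothing is modified or deleted.

$ErrorActionPreference = 'SilentlyContinue'
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Area, [string]$Name, [string]$Value) {
    $findings.Add([pscustomobject]@{ Area = $Area; Name = $Name; Value = $Value })
}

# 1. Run keys: the "EoWeather", "eorezo" and "SearchSettings" entries in the report live here.
foreach ($hive in 'HKLM:', 'HKCU:') {
    $props = Get-ItemProperty -Path "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -notlike 'PS*') { Add-Finding 'Run' "$hive $($p.Name)" $p.Value }
    }
}

# 2. Browser Helper Objects: each subkey is a CLSID; resolve it to the DLL Internet
#    Explorer loads. 32-bit toolbars register under Wow6432Node, so check both views.
foreach ($view in 'SOFTWARE', 'SOFTWARE\Wow6432Node') {
    $bhoKey = "HKLM:\$view\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    foreach ($clsid in (Get-ChildItem -Path $bhoKey)) {
        $srv = Get-ItemProperty -Path "HKLM:\$view\Classes\CLSID\$($clsid.PSChildName)\InprocServer32"
        Add-Finding 'BHO' $clsid.PSChildName $srv.'(default)'
    }
}

# 3. AppInit_DLLs: a DLL listed here is loaded into every process that uses user32.dll.
#    The report shows datamngr.dll and IEBHO.dll injected this way; the value should be empty.
foreach ($view in 'SOFTWARE', 'SOFTWARE\Wow6432Node') {
    $win = Get-ItemProperty -Path "HKLM:\$view\Microsoft\Windows NT\CurrentVersion\Windows"
    if ($win.AppInit_DLLs) {
        Add-Finding 'AppInit_DLLs' "$view (LoadAppInit_DLLs=$($win.LoadAppInit_DLLs))" $win.AppInit_DLLs
    }
}

# 4. Internet Explorer search scopes: a hijacked search provider shows up as an
#    unfamiliar URL, like the search-results.com entry in the report.
foreach ($hive in 'HKLM:', 'HKCU:') {
    $scopes = "$hive\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
    foreach ($scope in (Get-ChildItem -Path $scopes)) {
        $url = (Get-ItemProperty -Path $scope.PSPath).URL
        Add-Finding 'SearchScope' "$hive $($scope.PSChildName)" $url
    }
}

# 5. Scheduled tasks whose name is a bare GUID (the report lists ten of them):
#    read each task's XML to see which command it runs.
Get-ChildItem -Path "$env:SystemRoot\System32\Tasks" -File |
    Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' } |
    ForEach-Object {
        [xml]$task = Get-Content -Path $_.FullName -Raw
        $cmd = "$($task.Task.Actions.Exec.Command) $($task.Task.Actions.Exec.Arguments)"
        Add-Finding 'Task' $_.Name $cmd.Trim()
    }

# 6. Firefox: a startup homepage forced through user.js or prefs.js (the cleanup
#    script above removes the browser.startup.homepage line pointing at searchnu.com).
$profileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
foreach ($profile in (Get-ChildItem -Path $profileRoot -Directory)) {
    foreach ($file in 'user.js', 'prefs.js') {
        $path = Join-Path $profile.FullName $file
        Select-String -Path $path -Pattern 'browser\.startup\.homepage' |
            ForEach-Object { Add-Finding 'Firefox' "$($profile.Name)\$file" $_.Line.Trim() }
    }
}

# Review the table: anything pointing at a toolbar, Datamngr, Spigot, Babylon or an
# unknown search domain is what the removal script above targets.
$findings | Sort-Object Area, Name | Format-Table -AutoSize -Wrap
```

The script only lists what it finds; compare the output with the report's "=> Infection" lines to confirm each entry is gone after the cleanup.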
23 April 2012 at 12:46
Away for a few days for work...
the link: http://pjjoint.malekal.com/files.php?id=20120423_b158n13q6o12
Thanks
23 April 2012 at 14:29
A mystery, but it works, I have access to my session again,
I posted the scan just in case......
Thanks g3n