Police and gendarmerie virus
retrotony (Posts: 46, Status: Member)
Hello,
My PC has been infected by the well-known police/gendarmerie virus, which demands money in exchange for unlocking the PC.
I looked at several tutorials online, so I downloaded a Reatogo live CD and ran OTLPE, but nothing works; when the PC restarts, Safe Mode is not available.
Can anyone help me?
8 replies
Hi,
Post the OTLPE report on http://pjjoint.malekal.com
Give the link here.
retrotony (Posts: 46, Status: Member)
https://pjjoint.malekal.com/files.php?id=OTL_20120423_u9d15r8t6p11
Run OTL again.
* Under Personnalisation (Custom Scan), copy and paste the contents of the box below (be sure to include :OTL at the start).
* Click Correction (Fix); a report will appear. Copy and paste its contents here:
:OTL
O2 - BHO: (2YourFace Addon) - {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - File not found
[2012/01/22 10:06:50 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe85.dll
[2012/04/22 09:37:03 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\seti0.exe
[2012/01/30 19:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Babylon
[2012/01/30 19:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/04/07 12:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Software
[2012/04/05 17:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Software
[2012/04/05 17:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Software
[2012/04/05 17:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Software
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Propriétaire_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
DRV - File not found [Kernel | System] -- -- (nbjotgjo)
DRV - File not found [Kernel | System] -- -- (mchoduxf)
* Restart the PC into Windows and post the report here.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\hpe85.dll moved successfully.
C:\WINDOWS\system32\seti0.exe moved successfully.
C:\Documents and Settings\Propriétaire\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Software\Update\Manifest\Initial folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Software\Update\Manifest folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Software\Update folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Software folder moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Software\Update\Manifest\Initial folder moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Software\Update\Manifest folder moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Software\Update folder moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Software folder moved successfully.
C:\Program Files\Software\CrashReports folder moved successfully.
C:\Program Files\Software folder moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Software\Update\Manifest\Initial folder moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Software\Update\Manifest folder moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Software\Update folder moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Software\CrashReports folder moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Software folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\Propriétaire_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nbjotgjo deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchoduxf deleted successfully.
OTLPE by OldTimer - Version 3.1.48.0 log created on 04242012_050024
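As an added example (not part of the thread and not OTL's own code): a small Python check that every item in the :OTL fix script has a matching "... successfully." line in the fix log that came back. The function names are hypothetical, the sample inputs are excerpts of the script and log posted above, and the line formats are inferred from those posts only.

```python
import re

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKU": "HKEY_USERS"}

def script_target(line):
    """Text the fix log must contain for one :OTL script line (None if not an item)."""
    line = line.strip()
    m = re.match(r"\[[^\]]*\]\s*(?:\([^)]*\)\s*)?--\s*(.+)$", line)
    if m:  # file or folder entry: "[date | size | attr | C] (vendor) -- path"
        return m[1] + " "  # trailing space so a parent folder does not match a child
    m = re.search(r"\{[0-9A-Fa-f-]{36}\}", line)
    if m:  # BHO entry, identified by its CLSID
        return m[0]
    m = re.match(r"O\d+ - (HKLM|HKU)(\\[^:]+): (\S+) = ", line)
    if m:  # policy value: the log writes key, a double backslash, then the value name
        return HIVES[m[1]] + m[2] + "\\\\" + m[3] + " "
    m = re.match(r"DRV - .*\((\w+)\)$", line)
    if m:  # driver entry: the log names the service key
        return "\\Services\\" + m[1] + " "
    return None

def unconfirmed(script, log):
    """Script items with no matching '... successfully.' line in the fix log."""
    done = [l.strip().lower() for l in log.splitlines()
            if l.strip().endswith("successfully.")]
    missing = []
    for line in script.splitlines():
        needle = script_target(line)
        if needle and not any(needle.lower() in d for d in done):
            missing.append(line.strip())
    return missing

# Excerpts of the fix script and fix log posted in this thread.
SCRIPT = r""":OTL
O2 - BHO: (2YourFace Addon) - {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - File not found
[2012/04/22 09:37:03 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\seti0.exe
[2012/04/05 17:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Software
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
DRV - File not found [Kernel | System] -- -- (nbjotgjo)"""
LOG = r"""Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}\ deleted successfully.
C:\WINDOWS\system32\seti0.exe moved successfully.
C:\Program Files\Software\CrashReports folder moved successfully.
C:\Program Files\Software folder moved successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nbjotgjo deleted successfully."""

if __name__ == "__main__":
    print(unconfirmed(SCRIPT, LOG) or "every script item is confirmed in the log")
```

Any line returned by `unconfirmed` is a script item worth re-checking before the next reboot.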
Windows no longer starts; when the PC boots, the Safe Mode window appears but I cannot get into it.
Safe Mode does not work, and none of the other modes work either; only booting from a live CD works.
Thanks for your reply.
Do you mean the gendarmerie virus keeps launching?
Is this the one you have: https://www.malekal.com/fichiers/spywares/Ransom.Gendarmerie_ordinateur_bloque_loi_france.png ?
Go back to OTLPE and run OTL again.
* At the top right of Analyse rapide (quick scan), tick "tous les utilisateurs" (all users).
* In OTL, under Personnalisation, copy and paste the script below:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\consrv.dll
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
CREATERESTOREPOINT
nslookup www.google.fr /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
* Click the Analyse (scan) button.
* When the scan is finished, use the site http://pjjoint.malekal.com/ to upload the OTL.txt report (and Extra.txt if present), then give the pjjoint link(s) pointing to these reports here in a new message.
Then you would need to do this: https://forum.malekal.com/viewtopic.php?t=36068&start=
But you need a Windows XP CD to be able to do that.
Here is the scan:
https://pjjoint.malekal.com/files.php?id=20120424_d11d14g8o12j13
The report is OK.
For the reboot loop,
see the messages above:
https://forums.commentcamarche.net/forum/affich-25014675-virus-police-et-gendarmerie#15
https://forums.commentcamarche.net/forum/affich-25014675-virus-police-et-gendarmerie#14